Redhat.Com Keycloak vulnerabilities
2 known vulnerabilities affecting redhat.com/keycloak.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL: 1, MEDIUM: 1
Vulnerabilities
Page 1 of 1
CVE-2023-0264 | MEDIUM | CVSS 5.0 | Versions: ≥ 18.0.6, < 18.0.6 | Date: 2023-08-04
CWE-287
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Sources: cvelistv5, nvd
CVE-2022-3782 | CRITICAL | CVSS 9.1 | Versions: ≥ 20.0.2, < 20.0.2 | Date: 2023-01-13
CWE-22
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This fla
Sources: cvelistv5, nvd