Redhat Keycloak vulnerabilities

CVE-2018-14655 [MEDIUM] CWE-79 CVE-2018-14655: A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_p A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.

CVE-2016-8609 [HIGH] CWE-384 CVE-2016-8609: It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An atta It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.

CVE-2018-10894 [MEDIUM] CWE-345 CVE-2018-10894: It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired cert It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.

CVE-2017-2646 [HIGH] CWE-835 CVE-2017-2646: It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the midd It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.

CVE-2017-2582 [MEDIUM] CWE-201 CVE-2017-2582: It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which coul

CVE-2018-10912 [MEDIUM] CWE-835 CVE-2018-10912: keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycl keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.

CVE-2017-2585 [MEDIUM] CWE-200 CVE-2017-2585: Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.

CVE-2016-8629 [MEDIUM] CWE-284 CVE-2016-8629: Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service acco Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.