📦 Build Of Keycloak

by Red Hat

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2024-7341

HIGH CVSS 7.1 Sep 9, 2024

This CVE describes a session fixation vulnerability in Keycloak's SAML adapters where session IDs aren't regenerated during login, even when configured to do so. Attackers who hijack a session before ...

CVE-2024-1132

HIGH CVSS 8.1 Apr 17, 2024

This vulnerability in Keycloak allows attackers to bypass URL validation in redirects when clients use wildcards in Valid Redirect URIs. Attackers can construct malicious requests to access unauthoriz...

CVE-2025-7784

MEDIUM CVSS 6.5 Jul 18, 2025

A privilege escalation vulnerability in Keycloak allows administrative users with the manage-users role to elevate their privileges to realm-admin when Fine-Grained Admin Permissions (FGAPv2) are enab...

CVE-2024-7260

MEDIUM CVSS 6.1 Sep 9, 2024

CVE-2024-7260 is an open redirect vulnerability in Keycloak that allows attackers to craft malicious URLs that appear to be legitimate Keycloak pages but redirect users to malicious websites. This aff...