📦 Single Sign On
by Red Hat
🛡️ Security Overview
⚠️ Known Vulnerabilities
Keycloak has a cross-site scripting (XSS) vulnerability in SAML and OIDC providers where attackers can inject malicious scripts via AssertionConsumerServiceURL or redirect_uri parameters. This allows ...
This vulnerability in Undertow allows malicious clients to send malformed requests that trigger server-side stream resets without incrementing abuse counters. This 'MadeYouReset' attack enables denial...
This CVE describes a denial-of-service vulnerability in Keycloak where attackers can send repeated HTTP requests with excessive attributes, causing resource exhaustion by forcing the application to pr...
This CVE describes a session fixation vulnerability in Keycloak's SAML adapters where session IDs aren't regenerated during login, even when configured to do so. Attackers who hijack a session before ...
This vulnerability in Keycloak allows attackers to bypass URL validation in redirects when clients use wildcards in Valid Redirect URIs. Attackers can construct malicious requests to access unauthoriz...
This vulnerability in Keycloak's redirect_uri validation logic allows attackers to bypass host restrictions and steal access tokens. Attackers can then impersonate legitimate users. All Keycloak deplo...
An unconstrained memory consumption vulnerability in Keycloak allows attackers to cause denial of service by triggering excessive resource usage when accessing the admin UI's consents tab in environme...
CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, incl...
This reflected cross-site scripting (XSS) vulnerability in Keycloak's 'oob' OAuth endpoint allows attackers to inject malicious scripts via crafted links, potentially compromising user details when vi...
CVE-2023-1108 is a denial-of-service vulnerability in Undertow's SSL/TLS implementation where an infinite loop in the handshake process can crash the server. This affects any system running vulnerable...
CVE-2022-4492 is a server certificate validation bypass vulnerability in Undertow HTTP client. It allows attackers to perform man-in-the-middle attacks by presenting invalid certificates that should b...
CVE-2021-3717 is a security flaw in Wildfly's elytron configuration that incorrectly handles JBOSS_LOCAL_USER challenges. This allows any local user on the machine to gain JBOSS_LOCAL_USER access, pot...
This vulnerability in Keycloak allows session persistence after logout when using external SAML identity providers with specific Principal Type configurations. Attackers could maintain access to user ...
CVE-2022-0853 is a memory leak vulnerability in JBoss client applications that repeatedly use UserTransaction. This allows attackers to cause information leakage by exhausting memory resources. Organi...
CVE-2021-4104 is a deserialization vulnerability in Log4j 1.2's JMSAppender that allows remote code execution when attackers can modify Log4j configuration files. This affects systems running Log4j 1....
This vulnerability allows attackers to bypass Hibernate Validator's SafeHtml validation by omitting tag endings with less-than characters. This enables HTML injection and Cross-Site Scripting (XSS) at...
CVE-2022-1274 is an HTML injection vulnerability in Keycloak's execute-actions-email endpoint that allows attackers to inject arbitrary HTML into emails sent to users. This affects all Keycloak deploy...
CVE-2022-2237 is an open redirect vulnerability in Keycloak's Node.js adapter checkSso function. This allows attackers to redirect users to malicious websites after authentication. Organizations using...