Keycloak Vulnerability List
9 vulnerabilities related to Keycloak were found
CVE-2020-10770: Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF) POC
Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.
CVE-2020-27838: KeyCloak - Information Exposure POC
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-20323: Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting POC
Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/html. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.
CVE-2024-3656: Keycloak < 24.0.5 - Broken Access Control POC
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
CVE-2024-8698: Keycloak - SAML Core Package Signature Validation Flaw POC
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
CVE-2024-8883: Keycloak - Open Redirect POC
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
Red Hat Keycloak Improper Signature Verification Vulnerability No POC
Red Hat Keycloak improper signature verification vulnerability.
Red Hat Keycloak Information Disclosure Vulnerability No POC
Red Hat Keycloak is a software suite from the US company Red Hat that provides authentication and management functions for modern applications and services. Red Hat Keycloak contains an information disclosure vulnerability. An attacker exploiting this vulnerability can cause data leakage or system compromise.
Keycloak <= 12.0.1 SSRF Vulnerability (CVE-2020-10770) No POC
Keycloak is an identity authentication system; versions <= 12.0.1 contain an SSRF vulnerability.