Vulnerabilities in redhat.com
6 results

CVE-2022-3782 | Severity: CRITICAL | EPSS: 5.8%
  keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redir…

CVE-2023-0264 | Severity: — | EPSS: 1.3%
  A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who…

CVE-2023-0105 | Severity: MEDIUM | EPSS: 0.7%
  A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An…

CVE-2022-3143 | Severity: HIGH | EPSS: 0.6%
  wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.A…

CVE-2023-0091 | Severity: LOW | EPSS: 0.5%
  A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw…

CVE-2022-3841 | Severity: HIGH | EPSS: 0.2%
  RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoin…