AVG-1332 log

Package keycloak
Status Vulnerable
Severity Medium
Type multiple issues
Affected 12.0.1-1
Fixed Unknown
Current 12.0.1-1 [community]
Created Tue Dec 8 14:05:43 2020
Issue           Severity  Remote  Type
CVE-2020-35509  Medium    Yes     Certificate verification bypass
    Depending on the webserver configuration, a malicious user can supply an expired certificate and it would be accepted by Keycloak direct-grant...
CVE-2020-27838  Medium    Yes     Information disclosure
    Client registration endpoints should not allow fetching information about public clients without authentication.
CVE-2020-14302  Medium    Yes     Insufficient validation
    A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that...
CVE-2020-10770  Medium    Yes     Cross-site request forgery
    A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri....
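The following is an added example, not part of this advisory and not Keycloak's code. It shows the kind of validity-period check that the CVE-2020-35509 entry is about: a direct-grant style endpoint that maps a client certificate to a username must refuse a certificate whose notBefore/notAfter window does not contain the current time, independently of whether the web server in front of it already did so. The code is Python against the certificate layout returned by the standard library's `ssl.SSLSocket.getpeercert()`; the handler name `direct_grant_x509`, the certificate dicts and the fixed timestamp are constructed for the example.

```python
"""Validity-period check for a client certificate presented to a
direct-grant style endpoint.

Added example, not Keycloak's code.  Assumes the application receives the
client certificate's fields in the layout Python's
ssl.SSLSocket.getpeercert() returns (a dict with 'subject', 'notBefore'
and 'notAfter'), whether it terminated TLS itself or a reverse proxy
forwarded the fields.  Certificates and timestamps below are constructed
test data.
"""
import ssl
import time
from typing import Optional


class CertificateExpired(ValueError):
    """notAfter lies in the past."""


class CertificateNotYetValid(ValueError):
    """notBefore lies in the future."""


def check_validity_period(cert: dict, now: Optional[float] = None) -> None:
    """Reject a certificate whose validity window does not contain `now`.

    Raises instead of returning a flag so a caller cannot accidentally
    ignore the result.  `now` defaults to the current time; the example
    and the tests pass a fixed value.
    """
    if now is None:
        now = time.time()
    try:
        not_before = ssl.cert_time_to_seconds(cert["notBefore"])
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    except (KeyError, ValueError) as exc:
        # A certificate without a parseable validity period is rejected,
        # never treated as "valid forever".
        raise ValueError("certificate lacks a parseable validity period") from exc
    if now < not_before:
        raise CertificateNotYetValid(f"certificate not valid before {cert['notBefore']}")
    if now > not_after:
        raise CertificateExpired(f"certificate expired at {cert['notAfter']}")


def direct_grant_x509(cert: dict, now: Optional[float] = None) -> str:
    """Hypothetical direct-grant handler: map a client certificate to a
    username, but only after the validity period has been checked.

    Chain and revocation checks are assumed to have happened upstream;
    this function adds the expiry check that upstream may not perform.
    """
    check_validity_period(cert, now)
    # getpeercert() encodes the subject as a tuple of RDNs, each a tuple of
    # (attribute, value) pairs; flatten it to look up the CN.
    subject = {attr: value for rdn in cert.get("subject", ()) for attr, value in rdn}
    username = subject.get("commonName")
    if not username:
        raise ValueError("certificate subject has no commonName")
    return username


def is_accepted(cert: dict, now: Optional[float] = None) -> bool:
    """Boolean wrapper around direct_grant_x509 for callers and tests."""
    try:
        direct_grant_x509(cert, now)
    except ValueError:
        return False
    return True


# Constructed test data.  NOW is the advisory's creation date.
NOW = ssl.cert_time_to_seconds("Dec 08 14:05:43 2020 GMT")

VALID_CERT = {
    "subject": ((("commonName", "alice"),),),
    "notBefore": "Jan 01 00:00:00 2020 GMT",
    "notAfter": "Jan 01 00:00:00 2022 GMT",
}
EXPIRED_CERT = {
    "subject": ((("commonName", "mallory"),),),
    "notBefore": "Dec 01 00:00:00 2019 GMT",
    "notAfter": "Dec 01 00:00:00 2020 GMT",  # a week before NOW
}
NOT_YET_VALID_CERT = {
    "subject": ((("commonName", "mallory"),),),
    "notBefore": "Jan 01 00:00:00 2021 GMT",
    "notAfter": "Jan 01 00:00:00 2023 GMT",
}

if __name__ == "__main__":
    for name, cert in [("valid", VALID_CERT), ("expired", EXPIRED_CERT),
                       ("not yet valid", NOT_YET_VALID_CERT)]:
        try:
            print(f"{name}: accepted as {direct_grant_x509(cert, NOW)!r}")
        except ValueError as exc:
            print(f"{name}: rejected ({exc})")
```

The point of doing the check in the application is the "depending on the webserver configuration" caveat in the advisory text: when a reverse proxy terminates TLS and only forwards the certificate fields, the proxy's verification settings decide whether an expired certificate ever reaches the application, so the application cannot assume it was filtered out. Note that this example checks only the validity period; chain, revocation and key-usage checks still belong wherever the certificate is actually verified.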