AVG-1926 log

Package keycloak
Status Fixed
Severity High
Type multiple issues
Affected 12.0.4-1
Fixed 13.0.0-1
Current 26.0.5-1 [extra]
Ticket None
Created Thu May 6 17:58:37 2021
Issue           Severity  Remote  Type
CVE-2021-20222  High      Yes     Cross-site scripting
    A security issue was found in keycloak before version 13.0.0. The new account console in keycloak can allow malicious code to be executed using the referrer URL.
CVE-2021-20202  Medium    No      Information disclosure
    A security issue was found in keycloak before version 13.0.0. Directories can be created prior to the Java process creating them in the temporary directory,...
CVE-2021-3513   Medium    Yes     Information disclosure
    A security issue was found in keycloak before version 13.0.0 where brute force attacks are possible even when the permanent lockout feature is enabled...
CVE-2020-27838  Medium    Yes     Information disclosure
    A security issue was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like...
CVE-2020-14302  Medium    Yes     Insufficient validation
    A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that...
Date         Advisory      Package   Type
19 May 2021  ASA-202105-6  keycloak  multiple issues