| CVE-2021-20222 | High | Yes | Cross-site scripting | A security issue was found in Keycloak before version 13.0.0. The new account console in Keycloak can allow malicious code to be executed using the referrer URL. |
| CVE-2021-20202 | Medium | No | Information disclosure | A security issue was found in Keycloak before version 13.0.0. Directories can be created prior to the Java process creating them in the temporary directory,... |
| CVE-2021-3513 | Medium | Yes | Information disclosure | A security issue was found in Keycloak before version 13.0.0 where brute force attacks are possible even when the permanent lockout feature is enabled... |
| CVE-2020-27838 | Medium | Yes | Information disclosure | A security issue was found in Keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like... |
| CVE-2020-14302 | Medium | Yes | Insufficient validation | A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that... |