CVE-2020-35509 log

Severity Medium
Remote Yes
Type Certificate verification bypass
A security issue has been found in Keycloak before version 14.0.0. Depending on the webserver configuration, a malicious user can supply an expired certificate and it would be accepted by Keycloak direct-grant authenticator. This is because Keycloak does not trigger the appropriate timestamp validation.
Group Package Affected Fixed Severity Status Ticket
AVG-2084 keycloak 13.0.1-1 14.0.0-1 Medium Fixed
Date Advisory Group Package Severity Type
22 Jun 2021 ASA-202106-53 AVG-2084 keycloak Medium certificate verification bypass