Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2014-3655

created 1 month, 3 weeks ago

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_transferredx_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_transferredx_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_transferredx_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_transferredx_refsource_MISC

Affected products

KeyCloak

==Fixed in version 1.1.0-Alpha1

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.5.3
- nixpkgs-unstable 26.5.3
- nixos-unstable-small 26.5.3
nixos-25.11 26.5.3
- nixos-25.11-small 26.5.3
- nixpkgs-25.11-darwin 26.5.3

pkgs.terraform-providers.keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.6.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0
nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python314Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.terraform-providers.keycloak_keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.6.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

Package maintainers

@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@leona-ya Leona Maroni <nix@leona.is>
@NickCao Nick Cao <nickcao@nichi.co>