Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Published
Filter by:
With package: python311Packages.python-keycloak

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2023-4727
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 6 months, 2 weeks ago by @Erethon Activity log
  • Created automatic suggestion 8 months, 1 week ago
  • @Erethon accepted 6 months, 2 weeks ago
  • @Erethon published on GitHub 6 months, 2 weeks ago
Ca: token authentication bypass vulnerability

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

References

Affected products

keycloak
  • <11.5.1
pki-core
  • *
pki-core:10.6
  • *
redhat-pki:10
  • *
pki-core:10.6/pki-core
redhat-pki:10/pki-core

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

Package maintainers