Suggestions search

Untriaged

Filter by:

With package: python314Packages.python-keycloak

Found 3 matching suggestions

View:

Compact

Detailed

Permalink CVE-2025-12150

3.1 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 1 month, 2 weeks ago

Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.

References

RHSA-2025:21370 vendor-advisoryx_refsource_REDHAT
RHSA-2025:21371 vendor-advisoryx_refsource_REDHAT
RHSA-2025:22088 vendor-advisoryx_refsource_REDHAT
RHSA-2025:22089 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-12150 vdb-entryx_refsource_REDHAT
RHBZ#2406192 x_refsource_REDHATissue-tracking
https://github.com/keycloak/keycloak/issues/43723

Affected products

keycloak

<26.4.4

rhbk/keycloak-rhel9

rhbk/keycloak-rhel9-operator

rhbk/keycloak-operator-bundle

org.keycloak/keycloak-services

Red Hat build of Keycloak 26.2.11

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.5.4
- nixpkgs-unstable 26.5.4
- nixos-unstable-small 26.5.4
nixos-25.11 26.5.4
- nixos-25.11-small 26.5.4
- nixpkgs-25.11-darwin 26.5.4

pkgs.terraform-providers.keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.7.0
- nixos-unstable-small 5.7.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 7.0.2
- nixpkgs-unstable 7.0.2
- nixos-unstable-small 7.0.2
nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python314Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 7.0.2
- nixpkgs-unstable 7.0.2
- nixos-unstable-small 7.0.2

pkgs.terraform-providers.keycloak_keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.7.0
- nixos-unstable-small 5.7.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

Package maintainers

@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@leona-ya Leona Maroni <nix@leona.is>
@NickCao Nick Cao <nickcao@nichi.co>

Permalink CVE-2014-3655

created 1 month, 3 weeks ago

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_transferredx_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_transferredx_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_transferredx_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_transferredx_refsource_MISC

Affected products

KeyCloak

==Fixed in version 1.1.0-Alpha1

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.5.3
- nixpkgs-unstable 26.5.3
- nixos-unstable-small 26.5.3
nixos-25.11 26.5.3
- nixos-25.11-small 26.5.3
- nixpkgs-25.11-darwin 26.5.3

pkgs.terraform-providers.keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.6.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0
nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python314Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.terraform-providers.keycloak_keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.6.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

Package maintainers

@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@leona-ya Leona Maroni <nix@leona.is>
@NickCao Nick Cao <nickcao@nichi.co>

Permalink CVE-2025-13881

2.7 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 2 months, 1 week ago

Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin api

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.