Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: terraform-providers.keycloak_keycloak

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2025-12150

3.1 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 3 months ago Activity log

Created suggestion 3 months ago

Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.

References

RHSA-2025:21370 x_refsource_REDHATvendor-advisory
RHSA-2025:21371 x_refsource_REDHATvendor-advisory
RHSA-2025:22088 x_refsource_REDHATvendor-advisory
RHSA-2025:22089 x_refsource_REDHATvendor-advisory
https://access.redhat.com/security/cve/CVE-2025-12150 vdb-entryx_refsource_REDHAT
RHBZ#2406192 x_refsource_REDHATissue-tracking
https://github.com/keycloak/keycloak/issues/43723

Affected products

keycloak

<26.4.4

rhbk/keycloak-rhel9

*

rhbk/keycloak-rhel9-operator

*

rhbk/keycloak-operator-bundle

*

org.keycloak/keycloak-services

Red Hat build of Keycloak 26.2.11

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.5.4
- nixpkgs-unstable 26.5.4
- nixos-unstable-small 26.5.4
nixos-25.11 26.5.4
- nixos-25.11-small 26.5.4
- nixpkgs-25.11-darwin 26.5.4

pkgs.terraform-providers.keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.7.0
- nixos-unstable-small 5.7.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 7.0.2
- nixpkgs-unstable 7.0.2
- nixos-unstable-small 7.0.2
nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python314Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 7.0.2
- nixpkgs-unstable 7.0.2
- nixos-unstable-small 7.0.2

pkgs.terraform-providers.keycloak_keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.7.0
- nixos-unstable-small 5.7.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

Package maintainers

@leona-ya Leona Maroni <nix@leona.is>
@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>

1