Search Results (614 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-3121 2 Keycloak, Redhat 8 Keycloak, Build Keycloak, Build Of Keycloak and 5 more 2026-04-15 6.5 Medium
A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.
CVE-2026-1180 1 Redhat 4 Build Keycloak, Jboss Enterprise Application Platform, Jbosseapxp and 1 more 2026-04-15 5.8 Medium
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the Keycloak server into making HTTP requests to internal or restricted network resources. As a result, attackers can probe internal services and cloud metadata endpoints, creating an information disclosure and reconnaissance risk.
CVE-2024-30171 1 Redhat 6 Amq Broker, Apache Camel Spring Boot, Camel Quarkus and 3 more 2026-04-15 5.9 Medium
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
CVE-2024-10973 1 Redhat 3 Build Keycloak, Jboss Enterprise Application Platform, Jbosseapxp 2026-04-15 5.7 Medium
A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.
CVE-2024-6162 1 Redhat 11 Apache Camel Hawtio, Apache Camel Spring Boot, Build Keycloak and 8 more 2026-04-15 7.5 High
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.
CVE-2024-11736 1 Redhat 3 Build Keycloak, Jboss Enterprise Application Platform, Jbosseapxp 2026-04-15 4.9 Medium
A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.
CVE-2024-8698 1 Redhat 4 Build Keycloak, Jboss Enterprise Application Platform, Red Hat Single Sign On and 1 more 2026-04-15 7.7 High
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
CVE-2024-9666 1 Redhat 2 Build Keycloak, Jboss Enterprise Application Platform 2026-04-15 4.7 Medium
A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service. The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers.
CVE-2024-11734 1 Redhat 3 Build Keycloak, Jboss Enterprise Application Platform, Jbosseapxp 2026-04-15 6.5 Medium
A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.
CVE-2023-6717 1 Redhat 15 Amq Broker, Build Keycloak, Jboss Data Grid and 12 more 2026-04-15 6 Medium
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
CVE-2023-4639 1 Redhat 14 Camel Quarkus, Camel Spring Boot, Integration and 11 more 2026-04-15 7.4 High
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
CVE-2023-5685 1 Redhat 12 Apache-camel-spring-boot, Apache Camel Hawtio, Build Keycloak and 9 more 2026-04-15 7.5 High
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
CVE-2023-6236 1 Redhat 2 Jboss Enterprise Application Platform, Jbosseapxp 2026-04-15 7.3 High
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if a cached token should be used or not. This logic needs to be updated to take into account the new "provider-url" option in addition to the "realm" option. EAP-7 does not provide the vulnerable provider-url configuration option in its OIDC implementation and is not affected by this flaw.
CVE-2023-5675 1 Redhat 11 A Mq Clients, Camel Quarkus, Cryostat and 8 more 2026-04-15 6.5 Medium
A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.
CVE-2024-1023 1 Redhat 20 A Mq Clients, Amq Broker, Amq Streams and 17 more 2026-04-15 6.5 Medium
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.
CVE-2024-30172 2 Bouncycastle, Redhat 6 Legion-of-the-bouncy-castle-java-crytography-api, Amq Broker, Apache Camel Spring Boot and 3 more 2026-04-15 7.5 High
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
CVE-2024-3653 1 Redhat 17 Amq Streams, Apache Camel Hawtio, Build Keycloak and 14 more 2026-04-15 5.3 Medium
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.
CVE-2024-9622 1 Redhat 3 Jboss Data Grid, Jboss Enterprise Application Platform, Jbosseapxp 2026-04-15 5.3 Medium
A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, any subsequent legitimate requests on the same connection are ignored, leading to client timeouts, which may impact systems using load balancers and expose them to risk.
CVE-2025-14969 1 Redhat 4 Jboss Enterprise Application Platform, Jbosseapxp, Openshift Devspaces and 1 more 2026-04-15 4.3 Medium
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.
CVE-2024-3656 1 Redhat 3 Build Keycloak, Jboss Enterprise Application Platform, Red Hat Single Sign On 2026-04-15 8.1 High
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.