cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1249,https://securityvulnerability.io/vulnerability/CVE-2024-1249,Millions of Requests in Seconds: Keycloak OIDC Flaw Affects Application Availability,"A vulnerability exists in the OIDC component of Keycloak that permits unvalidated cross-origin messages via the 'checkLoginIframe' functionality. This security oversight allows attackers to orchestrate and dispatch an overwhelming volume of requests in a very short time span, which could severely compromise the availability of the affected application. The flaw stems from the lack of proper validation of incoming messages, raising concerns about its potential to facilitate denial-of-service attacks.",Red Hat,",Red Hat AMQ Broker 7,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.10,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhoss-1.33-rhel-8,Rhsso 7.6.8,Migration Toolkit For Applications 6,Migration Toolkit For Applications 7,Red Hat Build Of Apicurio Registry,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Developer Hub,Red Hat Fuse 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Streams For Apache Kafka",7.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-04-17T13:22:48.335Z,0
CVE-2024-1132,https://securityvulnerability.io/vulnerability/CVE-2024-1132,Keycloak Flaw Allows Attackers to Bypass Validation and Access Sensitive Information,"A security vulnerability has been identified in Keycloak, where improper URL validation in redirects could enable an attacker to exploit this flaw. This issue particularly affects clients that utilize wildcards in the Valid Redirect URIs field, which could allow malicious requests to bypass intended restrictions. As a result, sensitive information may be accessed without authorization, potentially leading to further attacks. User interaction is necessary to trigger this vulnerability, making it essential for users and administrators to be informed about securing their implementations of Keycloak.",Red Hat,"Migration Toolkit For Runtimes 1 On Rhel 8,Mta-6.2-rhel-9,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.10,Red Hat Jboss A-MQ 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhsso 7.6.8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Service Registry,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",8.1,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-04-17T13:21:19.130Z,0
CVE-2023-6291,https://securityvulnerability.io/vulnerability/CVE-2023-6291,Keycloak: redirect_uri validation bypass,"A flaw has been identified in the redirect_uri validation logic within Keycloak, a product developed by Red Hat. This vulnerability could potentially allow attackers to bypass explicitly allowed hosts, leading to unauthorized access. If exploited, it may enable the theft of access tokens, thereby allowing attackers to impersonate legitimate users and compromise sensitive data. Organizations using Keycloak should ensure they are aware of this issue and implement appropriate security measures to mitigate the risks associated with this vulnerability.",Red Hat,"Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.7,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Single Sign-on 7.6.6,Migration Toolkit For Applications 6,Migration Toolkit For Applications 7,Openshift Serverless,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Process Automation 7",7.1,HIGH,0.0017099999822676182,false,false,false,false,,false,false,2024-01-26T14:23:43.185Z,0