cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1249,https://securityvulnerability.io/vulnerability/CVE-2024-1249,Millions of Requests in Seconds: Keycloak OIDC Flaw Affects Application Availability,"A vulnerability exists in the OIDC component of Keycloak that permits unvalidated cross-origin messages via the 'checkLoginIframe' functionality. This security oversight allows attackers to orchestrate and dispatch an overwhelming volume of requests in a very short time span, which could severely compromise the availability of the affected application. The flaw stems from the lack of proper validation of incoming messages, raising concerns about its potential to facilitate denial-of-service attacks.",Red Hat,",Red Hat AMQ Broker 7,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.10,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhoss-1.33-rhel-8,Rhsso 7.6.8,Migration Toolkit For Applications 6,Migration Toolkit For Applications 7,Red Hat Build Of Apicurio Registry,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Developer Hub,Red Hat Fuse 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Streams For Apache Kafka",7.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-04-17T13:22:48.335Z,0
CVE-2023-6944,https://securityvulnerability.io/vulnerability/CVE-2023-6944,Rhdh: catalog-import function leaks credentials to frontend,"A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.",Red Hat,"Rhdh,Red Hat Developer Hub",5.7,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2024-01-04T10:15:00.000Z,0