cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2419,https://securityvulnerability.io/vulnerability/CVE-2024-2419,Bypass of Redirect URI Validation in Keycloak May Lead to Access Token Theft,"A security flaw in Keycloak's implementation of the redirect_uri validation logic could enable attackers to bypass predefined host restrictions. This flaw allows for potential access token theft, which may lead attackers to impersonate legitimate users. The vulnerability is noteworthy due to its similarities to previous issues that were exploited, highlighting the need for immediate remediation in the affected versions of Keycloak.",Red Hat,"Upstream,Red Hat Build Of Keycloak 22",7.1,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-04-17T13:23:34.652Z,0
CVE-2024-0560,https://securityvulnerability.io/vulnerability/CVE-2024-0560,Vulnerability in 3Scale and Keycloak 15 (or RHSSO 7.5.0) Allows for Unauthorized Access to Tokens,"A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.",Red Hat,"Upstream,Red Hat 3scale Api Management Platform 2",,,0.00044999999227002263,false,false,false,false,,false,false,2024-02-28T16:37:01.247Z,0
CVE-2023-6393,https://securityvulnerability.io/vulnerability/CVE-2023-6393,Quarkus: potential invalid reuse of context when @cacheresult on a uni is used,"A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial ""completion"" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.",Red Hat,"upstream,Red Hat build of Quarkus",5.3,MEDIUM,0.0015999999595806003,false,false,false,false,,false,false,2023-12-06T17:15:00.000Z,0
CVE-2023-4910,https://securityvulnerability.io/vulnerability/CVE-2023-4910,3scale-admin-portal: logged out users tokens can be accessed,"A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.",Red Hat,"upstream,Red Hat 3scale API Management Platform 2",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-11-06T13:15:00.000Z,0