Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Single_sign\-On
(Redhat)| Repositories | https://github.com/FasterXML/jackson-databind |
| #Vulnerabilities | 97 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-01 | CVE-2022-2256 | A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. | Single_sign\-On | 3.8 | ||
| 2022-09-01 | CVE-2022-2764 | A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. | Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Integration_camel_k, Jboss_enterprise_application_platform, Jboss_fuse, Single_sign\-On, Undertow | 4.9 | ||
| 2022-09-13 | CVE-2022-1278 | A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | Amq, Amq_online, Integration_camel_k, Integration_service_registry, Jboss_a\-Mq, Jboss_enterprise_application_platform_expansion_pack, Single_sign\-On, Wildfly | 7.5 | ||
| 2023-03-29 | CVE-2022-1274 | A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users. | Keycloak, Openshift_container_platform, Single_sign\-On | 5.4 | ||
| 2023-07-07 | CVE-2022-4361 | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. | Keycloak, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_for_power, Single_sign\-On | 6.1 | ||
| 2023-08-04 | CVE-2023-0264 | A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. | Keycloak, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_ibm_z_systems, Single_sign\-On | 5.0 | ||
| 2023-09-14 | CVE-2023-1108 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. | Oncommand_workflow_automation, Build_of_quarkus, Decision_manager, Fuse, Integration_camel_k, Integration_service_registry, Jboss_enterprise_application_platform, Jboss_enterprise_application_platform_expansion_pack, Openshift_application_runtimes, Openshift_container_platform, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Openstack_platform, Process_automation, Single_sign\-On, Undertow | 7.5 | ||
| 2023-09-20 | CVE-2022-3916 | A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. | Keycloak, Openshift_container_platform, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems, Single_sign\-On | 6.8 | ||
| 2023-09-22 | CVE-2022-4039 | A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. | Openshift_container_platform, Openshift_container_platform_for_ibm_z, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Single_sign\-On | 9.8 | ||
| 2023-09-25 | CVE-2022-4137 | A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker. | Keycloak, Single_sign\-On | 6.1 |