Description
A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| keycloak | itp | | | package |
EPSS
Percentile: 3%
0.00017
Low
Related vulnerabilities
CVSS3: 5.5
nvd
2 months ago
A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.
CVSS3: 5.5
github
about 2 months ago
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization