Description
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
References
- Issue Tracking, Third Party Advisory, VDB Entry
- Issue Tracking, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.0:cr1:*:*:*:*:*:*
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.7:*:*:*:*:*:*:*
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:3.0.0:cr1:*:*:*:*:*:*
EPSS
Percentile: 82%
0.01726
Low
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-253
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 8.1
redhat
more than 8 years ago
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
CVSS3: 9.8
debian
more than 8 years ago
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handl ...
CVSS3: 9.8
github
about 8 years ago
keycloak-connect and keycloak-js improperly handle invalid tokens