Description
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:redhat:keycloak:11.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:12.0.0:*:*:*:*:*:*:*
EPSS
Percentile: 25%
0.00087
Low
5.4 Medium
CVSS3
Weaknesses
CWE-20
CWE-295
Related vulnerabilities
CVSS3: 4.2
redhat
about 5 years ago
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.
CVSS3: 5.4
debian
more than 3 years ago
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An ...
CVSS3: 5.4
github
more than 3 years ago
Keycloak vulnerable to Improper Certificate Validation