Description
A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.
References
- Issue Tracking, Vendor Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1: version before 14.0.0 (exclusive)
One of
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
EPSS
Percentile: 64%
0.00468
Low
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-770
Related vulnerabilities
CVSS3: 7.5
redhat
about 5 years ago
A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.
CVSS3: 7.5
debian
more than 4 years ago
A flaw was found in keycloak-model-infinispan in keycloak versions bef ...
CVSS3: 7.5
github
more than 4 years ago
Allocation of resources without limits or throttling in keycloak-model-infinispan