Количество 4
Количество 4
CVE-2019-3868
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session.
CVE-2019-3868
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session.
CVE-2019-3868
Keycloak up to version 6.0.0 allows the end user token (access or id t ...
GHSA-gc52-xj6p-9pxp
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-3868 Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session. | CVSS3: 3.8 | 0% Низкий | почти 7 лет назад |
 | CVE-2019-3868 Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session. | CVSS3: 3.8 | 0% Низкий | почти 7 лет назад |
| CVE-2019-3868 Keycloak up to version 6.0.0 allows the end user token (access or id t ... | CVSS3: 3.8 | 0% Низкий | почти 7 лет назад |
| GHSA-gc52-xj6p-9pxp Exposure of Sensitive Information to an Unauthorized Actor in Keycloak | CVSS3: 3.8 | 0% Низкий | почти 7 лет назад |
Уязвимостей на страницу