Count: 3
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-12110 A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. This can lead to a situation where an administrator removes the scope and assumes that offline sessions are no longer available, but they are. | CVSS3: 5.4 | 0% (Low) | 4 months ago |
| CVE-2025-12110 A flaw was found in Keycloak. An offline session continues to be valid ... | CVSS3: 5.4 | 0% (Low) | 4 months ago |
| GHSA-895x-rfqp-jh5c Keycloak does not invalidate offline sessions when the offline_access scope is removed | CVSS3: 5.4 | 0% (Low) | 4 months ago |