CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

redhat

migration_toolkit_for_applications

4 known vulnerabilities · sorted by CVSS score

CVE-2024-1132

HIGH8.1

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.

redhat / build_of_keycloak+15

Network

Published Apr 17, 2024

CVE-2022-4492

HIGH7.5

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.

redhat / build_of_quarkus+9

Network

Published Feb 23, 2023

CVE-2023-44487

HIGH7.5

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

ietf / http+291

Network

Published Oct 10, 2023

CVE-2023-6291

HIGH7.1

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

redhat / keycloak+12

Network

Published Jan 26, 2024