CVE-2018-14637 – org.keycloak:keycloak-core
Package
Manager: maven
Name: org.keycloak:keycloak-core
Vulnerable Version: >=0 <4.6.0
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00252 (percentile: 0.48372)
Details
Improper Authentication in Keycloak
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.
Metadata
Created: 2018-12-21T17:48:45Z
Modified: 2022-09-14T22:26:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-gf2j-7qwg-4f5x/GHSA-gf2j-7qwg-4f5x.json
CWE IDs: ["CWE-285", "CWE-287"]
Alternative ID: GHSA-gf2j-7qwg-4f5x
Finding: F039
Auto approve: 1