CVE-2017-12159 – org.keycloak:keycloak-parent
Package
Manager: maven
Name: org.keycloak:keycloak-parent
Vulnerable Version: >=0 <3.4.0
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01452 (percentile 0.80052)
Details
Keycloak CSRF Vulnerability
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.
Metadata
Created: 2022-05-13T01:38:14Z
Modified: 2023-07-26T19:15:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fmw-85qm-h22p/GHSA-7fmw-85qm-h22p.json
CWE IDs: ["CWE-613"]
Alternative ID: GHSA-7fmw-85qm-h22p
Finding: F280
Auto approve: 1