CVE-2014-3655 org.keycloak:keycloak-services

Package

Manager: maven
Name: org.keycloak:keycloak-services
Vulnerable Version: >=0 <1.0.2.final

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00183 (percentile: 0.40295)

Details

JBoss KeyCloak is vulnerable to soft token deletion via CSRF. This issue is fixed in Keycloak 1.0.2.Final.

Metadata

Created: 2022-05-17T19:57:03Z
Modified: 2022-11-22T19:04:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-237q-6hjp-pchq/GHSA-237q-6hjp-pchq.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-237q-6hjp-pchq
Finding: F007
Auto approve: 1