Authentication mechanism absence or evasion In org.keycloak:keycloak-services
This advisory was classified as a False Positive during our data review process to ensure accuracy and data quality.
Description
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.
Original Description
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 maven | 26.2.2 |
Aliases
1. 2. 3. 4. 5.
References
1.