| Title |
Severity |
Exploit |
Date |
Affected Version |
|
Keycloak Denial of Service via account lockout
|
Low
|
|
Jun 12, 2024
|
< 24.0.0
|
|
Keycloak's improper input validation allows using email as username
|
Low
|
|
Jun 12, 2024
|
< 24.0.1
|
|
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
|
High
|
|
Jun 10, 2024
|
< 24.0.5
|
|
CVE-2024-4540
|
High
|
|
Jun 3, 2024
|
< 24.0.5
|
|
CVE-2023-6544
|
Medium
|
|
Apr 25, 2024
|
< 22.0.10
>= 23.0.0 < 24.0.3
|
|
CVE-2023-6717
|
Medium
|
|
Apr 25, 2024
|
< 22.0.10
>= 23.0.0 < 24.0.3
|
|
CVE-2023-6787
|
High
|
|
Apr 25, 2024
|
< 22.0.10
>= 23.0.0 < 24.0.3
|
|
CVE-2023-6484
|
Medium
|
|
Apr 25, 2024
|
< 22.0.9
>= 23.0.0 < 23.0.5
|
|
CVE-2023-3597
|
Medium
|
|
Apr 25, 2024
|
< 22.0.10
>= 23.0.0 < 24.0.3
|
|
CVE-2024-1132
|
High
|
|
Apr 17, 2024
|
< 22.0.10
>= 23.0.0 < 24.0.3
|
org.keycloak / keycloak-services