Low severity 3.7 · NVD Advisory · Published Aug 1, 2018 · Updated Jun 17, 2026
CVE-2016-8609
Description
It was found that Keycloak before 2.3.0 did not implement the authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-core (Maven) | < 2.3.0 | 2.3.0 |
References
- rhn.redhat.com/errata/RHSA-2016-2945.html (NVD: Vendor Advisory)
- www.securityfocus.com/bid/95070 (NVD: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1037460 (NVD: Third Party Advisory, VDB Entry)
- bugzilla.redhat.com/show_bug.cgi (NVD: Issue Tracking, Vendor Advisory)
- github.com/advisories/GHSA-95m6-mjh3-58gm (GHSA: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2016-8609 (GHSA: Advisory)