High severity7.5NVD Advisory· Published Oct 26, 2017· Updated Jun 17, 2026
CVE-2017-12159
CVE-2017-12159
Description
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.keycloak:keycloak-parentMaven | < 3.4.0 | 3.4.0 |
Affected products
20cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*
- osv-coords16 versionspkg:apk/chainguard/keycloakpkg:apk/chainguard/keycloak-26.2pkg:apk/chainguard/keycloak-26.3pkg:apk/chainguard/keycloak-26.4pkg:apk/chainguard/keycloak-26.5pkg:apk/chainguard/keycloak-26.6pkg:apk/chainguard/keycloak-bitnami-compatpkg:apk/chainguard/keycloak-compatpkg:apk/wolfi/keycloakpkg:apk/wolfi/keycloak-26.3pkg:apk/wolfi/keycloak-26.4pkg:apk/wolfi/keycloak-26.5pkg:apk/wolfi/keycloak-26.6pkg:apk/wolfi/keycloak-bitnami-compatpkg:apk/wolfi/keycloak-compatpkg:maven/org.keycloak/keycloak-parent
< 0+ 15 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.4.0
- Red Hat, Inc./keycloakv5Range: 3.4.0
Patches
Vulnerability mechanics
References
8- www.securityfocus.com/bid/101601nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:2904nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2017:2905nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2017:2906nvdThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-7fmw-85qm-h22pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-12159ghsaADVISORY
- web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601ghsaWEB
News mentions
0No linked articles in our index yet.