VYPR

Maven package

org.keycloak/keycloak-model-jpa

pkg:maven/org.keycloak/keycloak-model-jpa

Vulnerabilities (3)

  • CVE-2026-3190 | Med | Mar 26, 2026
    affected < 26.5.6 | fixed 26.5.6

    A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection`

  • CVE-2023-6563 | Dec 14, 2023
    affected < 21.0.0 | fixed 21.0.0

    An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then opens the

  • CVE-2019-14832 | Oct 15, 2019
    affected < 7.0.1 | fixed 7.0.1

    A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured for. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.