npm package
keycloak-connect
pkg:npm/keycloak-connect
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2237 | — | < 21.0.1 | 21.0.1 | Mar 27, 2023 | A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function. | ||
| CVE-2019-10157 | — | < 4.8.3 | 4.8.3 | Jun 12, 2019 | It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent | ||
| CVE-2017-7474 | Cri | 9.8 | >= 2.5.0, < 3.1.0 | 3.1.0 | May 12, 2017 | It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks. |
- CVE-2022-2237Mar 27, 2023affected < 21.0.1fixed 21.0.1
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.
- CVE-2019-10157Jun 12, 2019affected < 4.8.3fixed 4.8.3
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent
- affected >= 2.5.0, < 3.1.0fixed 3.1.0
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.