[keycloak-user] Keycloak CVE

[LAGIER Aymeric]

Hi,

 

I saw some CVE were released in november about Keycloak :

 

 <https://www.saucs.com/cve/CVE-2017-12160> CVE-2017-12160

 <https://www.saucs.com/cve/CVE-2017-12159> CVE-2017-12159

 <https://www.saucs.com/cve/CVE-2017-12158> CVE-2017-12158

 <https://www.saucs.com/cve/CVE-2014-3709> CVE-2014-3709

 

Which Keycloak verson is vulnerable ?

I only found information about RedHat SSO. RedHat SSO is either based on
Keycloak 1.X or 2.X, so is Keycloak 3.X vulnerable ?

I don't have enough privileges to access the Keycloak issue :
https://issues.jboss.org/browse/KEYCLOAK-5234 

 

Thanks

Regards

Aymeric

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5589 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20171208/7a5bcdb8/attachment.bin