[keycloak-user] Keycloak CVE

LAGIER Aymeric Aymeric.LAGIER at ext.imprimerienationale.fr
Fri Dec 8 10:38:51 EST 2017


Links provided in my previous email were just references. I read other CVE database sites, like the MITRE one, but there's no additional information.

Thanks

-----Original Message-----
From: Drew Weirshousky [mailto:d.weirshousky at xsb.com]
Sent: Friday, December 8, 2017 15:09
To: LAGIER Aymeric <Aymeric.LAGIER at ext.imprimerienationale.fr>
Cc: keycloak-user at lists.jboss.org; keycloak-dev at lists.jboss.org
Subject: Re: [keycloak-user] Keycloak CVE

There are other CVE databases online that will give you more information on what versions are affected and/or what patches are required. This information depends on how much the vendor shares. I remember Red Hat being pretty good about this when I used to have to deal with it.

Drew

----- Original Message -----
From: "LAGIER Aymeric" <Aymeric.LAGIER at ext.imprimerienationale.fr>
To: keycloak-user at lists.jboss.org, keycloak-dev at lists.jboss.org
Sent: Friday, December 8, 2017 5:14:50 AM
Subject: [keycloak-user] Keycloak CVE

Hi,

I saw some CVEs were released in November about Keycloak:

 <https://www.saucs.com/cve/CVE-2017-12160> CVE-2017-12160
 <https://www.saucs.com/cve/CVE-2017-12159> CVE-2017-12159
 <https://www.saucs.com/cve/CVE-2017-12158> CVE-2017-12158
 <https://www.saucs.com/cve/CVE-2014-3709> CVE-2014-3709

Which Keycloak version is vulnerable?

I only found information about Red Hat SSO. Red Hat SSO is either based on Keycloak 1.X or 2.X, so is Keycloak 3.X vulnerable?

I don't have enough privileges to access the Keycloak issue:
https://issues.jboss.org/browse/KEYCLOAK-5234

Thanks

Regards

Aymeric

