The 3 CVEs you listed were all fixed in 3.3.0.Final, but for some reason
the CVEs still haven't been updated. Will chase that (again).
On 20 February 2018 at 08:34, Hynek Mlnarik <hmlnarik(a)redhat.com> wrote:
For critical production environments, consider using Red Hat Single Sign On [1].
--Hynek
[1] http://www.keycloak.org/support.html
On Thu, Feb 15, 2018 at 8:12 PM, Yuriy Yunikov <yuriy.yunikov(a)verygood.systems> wrote:
> There's been an issue before about Keycloak CVEs, however no more
> information was found about it.
> http://lists.jboss.org/pipermail/keycloak-user/2017-December/012541.html
>
> I would like to get a clear understanding about
> https://nvd.nist.gov/vuln/detail/CVE-2017-12160
> https://www.saucs.com/cve/CVE-2017-12159
> https://www.saucs.com/cve/CVE-2017-12158
>
> Why they're the case and if there are patches for them. There is no
> information on CVE websites. It's critical for us to make sure Keycloak has
> known vulnerabilities fixed. Can anyone point me please in the right
> direction or post more information about them?
>
> Regards,
> Yuriy Yunikov
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
--Hynek