[keycloak-dev] CVE-2019-3875- Keycloak X.509 Authenticator Man-In-The-Middle Weak Authentication
Bruno Oliveira
bruno at abstractj.org
Tue Aug 13 10:59:18 EDT 2019
Yes it was fixed and will be available on the next release.
On Tue, Aug 13, 2019 at 11:42 AM Shiva Prasad Thagadur Prakash
<shiva.prasad.thagadur.prakash at ericsson.com> wrote:
>
> Hi Guys,
> Is this CVE already fixed in keycloak version 6.0.1? The CVE
> description says vulnerable upto 6.0.2 and the redhat link https://bugz
> illa.redhat.com/show_bug.cgi?id=1690628 says fixed in version 6.0.2.
> But we couldn't find keycloak version 6.0.2?
>
> Thanks,
> Shiva
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
- abstractj
More information about the keycloak-dev
mailing list