[keycloak-user] Keycloak CVE

Drew Weirshousky d.weirshousky at xsb.com
Fri Dec 8 09:09:00 EST 2017


There are other CVE databases online that will give you more information on what versions are affected and/or what patches are required. This information depends on how much the vendor shares. I remember Red Hat being pretty good about this when I used to have to deal with it.

Drew

----- Original Message -----
From: "LAGIER Aymeric" <Aymeric.LAGIER at ext.imprimerienationale.fr>
To: keycloak-user at lists.jboss.org, keycloak-dev at lists.jboss.org
Sent: Friday, December 8, 2017 5:14:50 AM
Subject: [keycloak-user] Keycloak CVE

Hi,

 

I saw some CVEs were released in November about Keycloak:

 

 <https://www.saucs.com/cve/CVE-2017-12160> CVE-2017-12160

 <https://www.saucs.com/cve/CVE-2017-12159> CVE-2017-12159

 <https://www.saucs.com/cve/CVE-2017-12158> CVE-2017-12158

 <https://www.saucs.com/cve/CVE-2014-3709> CVE-2014-3709

 

Which Keycloak version is vulnerable?

I only found information about Red Hat SSO. Red Hat SSO is either based on
Keycloak 1.X or 2.X, so is Keycloak 3.X vulnerable?

I don't have enough privileges to access the Keycloak issue:
https://issues.jboss.org/browse/KEYCLOAK-5234

 

Thanks

Regards

Aymeric


_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

