CVE-2017-12159 Vulnerability in maven package org.keycloak:keycloak-services

Description

It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.

Remediation

References

http://www.securityfocus.com/bid/101601

https://access.redhat.com/errata/RHSA-2017:2904

https://access.redhat.com/errata/RHSA-2017:2905

https://access.redhat.com/errata/RHSA-2017:2906

https://bugzilla.redhat.com/show_bug.cgi?id=1484111

Related Vulnerabilities

CVE-2016-10553 Vulnerability in npm package sequelize

CVE-2022-39353 Vulnerability in maven package org.webjars.npm:xmldom

CVE-2022-39231 Vulnerability in npm package parse-server

CVE-2019-10173 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2021-25642 Vulnerability in maven package org.apache.hadoop:hadoop-yarn-server-resourcemanager

Severity

High

Classification

CWE-613 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N