Description
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201
Related Vulnerabilities
CVE-2023-32695 Vulnerability in npm package socket.io-parser
CVE-2023-45669 Vulnerability in maven package com.webauthn4j:webauthn4j-spring-security-core
CVE-2023-25762 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-build-step
CVE-2020-10758 Vulnerability in maven package org.keycloak:keycloak-wildfly-server-subsystem