Description
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201