Description
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201
Related Vulnerabilities
CVE-2020-6427 Vulnerability in npm package electron
CVE-2022-36900 Vulnerability in maven package com.compuware.jenkins:compuware-zadviser-api
CVE-2017-12962 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2020-9488 Vulnerability in maven package org.apache.logging.log4j:log4j
CVE-2023-43496 Vulnerability in maven package org.jenkins-ci.main:jenkins-core