Description
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201