WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-1744 Vulnerability in maven package org.keycloak:keycloak-services

Description

A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.

Remediation

References

https://access.redhat.com/security/cve/CVE-2020-1744

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744

Related Vulnerabilities

CVE-2021-20334 Vulnerability in npm package mongodb-js-metrics

CVE-2020-6422 Vulnerability in maven package org.webjars.npm:electron

CVE-2018-1199 Vulnerability in maven package org.springframework.security:spring-security-web

CVE-2023-30543 Vulnerability in npm package @web3-react/walletconnect

CVE-2019-16546 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine

Severity

Medium

Classification

CWE-755 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Vendor Advisory Issue Tracking