Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Keycloak Node.js adapter by Red Hat, Inc.
CVE-2017-7474 (GCVE-0-2017-7474)
Vulnerability from nvd – Published: 2017-05-12 19:00 – Updated: 2024-08-05 16:04
VLAI
EPSS
VEX
Summary
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1445271 | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2017-1203.html | vendor-advisoryx_refsource_REDHAT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat, Inc. | Keycloak Node.js adapter |
Affected:
2.5 - 3.0
|
Date Public
2017-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
},
{
"name": "RHSA-2017:1203",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Keycloak Node.js adapter",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "2.5 - 3.0"
}
]
}
],
"datePublic": "2017-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "CWE-253",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
},
{
"name": "RHSA-2017:1203",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Keycloak Node.js adapter",
"version": {
"version_data": [
{
"version_value": "2.5 - 3.0"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-253"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
},
{
"name": "RHSA-2017:1203",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7474",
"datePublished": "2017-05-12T19:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:11.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7474 (GCVE-0-2017-7474)
Vulnerability from cvelistv5 – Published: 2017-05-12 19:00 – Updated: 2024-08-05 16:04
VLAI
EPSS
VEX
Summary
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1445271 | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2017-1203.html | vendor-advisoryx_refsource_REDHAT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat, Inc. | Keycloak Node.js adapter |
Affected:
2.5 - 3.0
|
Date Public
2017-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
},
{
"name": "RHSA-2017:1203",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Keycloak Node.js adapter",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "2.5 - 3.0"
}
]
}
],
"datePublic": "2017-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "CWE-253",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
},
{
"name": "RHSA-2017:1203",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Keycloak Node.js adapter",
"version": {
"version_data": [
{
"version_value": "2.5 - 3.0"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-253"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
},
{
"name": "RHSA-2017:1203",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7474",
"datePublished": "2017-05-12T19:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:11.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}