| Max CVSS | 5.5 | Min CVSS | 5.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-3868 | 5.5 |
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session.
|
10-02-2020 - 21:52 | 24-04-2019 - 16:29 |