Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for keycloak-nodejs-auth-utils by keycloak

    CVE-2017-7474 (GCVE-0-2017-7474)

    Vulnerability from nvd – Published: 2017-05-12 19:00 – Updated: 2024-08-05 16:04
    VLAI
    Summary
    It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=1445271 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2017-1203.html vendor-advisoryx_refsource_REDHAT
    Impacted products
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
              },
              {
                "name": "RHSA-2017:1203",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Keycloak Node.js adapter",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.5 - 3.0"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly.  An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-253",
                  "description": "CWE-253",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
            },
            {
              "name": "RHSA-2017:1203",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-7474",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Keycloak Node.js adapter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.5 - 3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly.  An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-253"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
                },
                {
                  "name": "RHSA-2017:1203",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-7474",
        "datePublished": "2017-05-12T19:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:04:11.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7474 (GCVE-0-2017-7474)

    Vulnerability from cvelistv5 – Published: 2017-05-12 19:00 – Updated: 2024-08-05 16:04
    VLAI
    Summary
    It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=1445271 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2017-1203.html vendor-advisoryx_refsource_REDHAT
    Impacted products
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
              },
              {
                "name": "RHSA-2017:1203",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Keycloak Node.js adapter",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.5 - 3.0"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly.  An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-253",
                  "description": "CWE-253",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
            },
            {
              "name": "RHSA-2017:1203",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-7474",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Keycloak Node.js adapter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.5 - 3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly.  An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-253"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
                },
                {
                  "name": "RHSA-2017:1203",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-7474",
        "datePublished": "2017-05-12T19:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:04:11.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }