ALT-PU-2025-6486-4

Package update keycloak in branch p11

Version: 26.2.4-alt1
Published: 2026-02-05
Max severity: HIGH

Closed issues (4)

CVE-2025-3501
HIGH 8.2

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

Published: 2025-04-29; Modified: 2026-04-15
CVSS 3.x: HIGH 8.2
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVE-2025-3910
MEDIUM 5.4

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

Published: 2025-04-29; Modified: 2025-08-18
CVSS 3.x: MEDIUM 5.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N