ALT-PU-2026-7410-2

Обновление пакета keycloak в ветке c10f2

Версия26.6.1-alt1

Задание#417672

Опубликовано2026-05-12

Макс. серьёзностьMEDIUM

Серьёзность:

Закрытые проблемы (3)

MEDIUM5.8

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources. As a result, sensitive internal services such as cloud metadata endpoints could be accessed. This issue may lead to information disclosure and enable attackers to map internal network infrastructure.

Опубликовано: 2026-03-18Изменено: 2026-06-17

CVSS 3.xСРЕДНЯЯ 5.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Ссылки

LOW3.7

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.

Опубликовано: 2026-03-23Изменено: 2026-06-17

CVSS 3.xНИЗКАЯ 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Ссылки

GHSA-rhgq-f8x5-j2jc

LOW3.7

Keycloak's identity-first login flow exposes user information

Опубликовано: 2026-03-23Изменено: 2026-06-17

CVSS 3.xНИЗКАЯ 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Ссылки