⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Drafts

Create draft to convert the suggestion into a draft security issue that can be edited before publishing.

Dismiss to remove a suggestion from the queue.

CVE-2024-10270
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    3 packages
    • pkgs.terraform-providers.keycloak 4.4.0
    • pkgs.python311Packages.python-keycloak 4.0.0
    • pkgs.python312Packages.python-keycloak 4.0.0
  • @LeSuisse accepted as draft
Org.keycloak:keycloak-services: keycloak denial of service

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.

keycloak
<24.0.9
<26.0.6
rhbk/keycloak-rhel9
*
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
org.keycloak/keycloak-services

pkgs.keycloak

Identity and access management for modern applications and services
Notify package maintainers: 3
CVE-2024-9979
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    8 packages
    • pkgs.python312Packages.cryptography 42.0.5
    • pkgs.python312Packages.cryptography 43.0.1
    • pkgs.python311Packages.cryptography 42.0.5
    • pkgs.python311Packages.cryptography 43.0.1
    • pkgs.python311Packages.rpds-py 0.17.1
    • pkgs.python311Packages.rpds-py 0.18.1
    • pkgs.python311Packages.nh3 nh3-0.2.15
    • pkgs.python311Packages.nh3 nh3-0.2.17
  • @LeSuisse accepted as draft
Pyo3: risk of use-after-free in `borrowed` reads from python weak references

A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.

pyo3
<0.22.4
python3.11-nh3
python3.11-rpds-py
python3.11-cryptography
python3.12-cryptography
Notify package maintainers: 1
CVE-2023-6717
6.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): LOW
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @ANONYMOUS removed
    3 packages
    • pkgs.python312Packages.python-keycloak 4.0.0
    • pkgs.python311Packages.python-keycloak 4.0.0
    • pkgs.terraform-providers.keycloak 4.4.0
  • @LeSuisse accepted as draft
Keycloak: xss via assertion consumer service url in saml post-binding flow

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.

keycloak
mta/mta-ui-rhel8
mta/mta-ui-rhel9
rh-sso7-keycloak
rhdh-hub-container
rhbk/keycloak-rhel9
*
org.keycloak/keycloak-core
org.keycloak-keycloak-parent
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
openshift-gitops-1/gitops-rhel8-operator
openshift-serverless-1/logic-rhel8-operator
*
openshift-serverless-1/logic-operator-bundle
*
openshift-serverless-1/logic-swf-builder-rhel8
*
openshift-serverless-1/logic-swf-devmode-rhel8
*
openshift-serverless-1-logic-rhel8-operator-container
*
openshift-serverless-1/logic-data-index-ephemeral-rhel8
*
openshift-serverless-1-logic-swf-builder-rhel8-container
*
openshift-serverless-1-logic-swf-devmode-rhel8-container
*
openshift-serverless-1/logic-data-index-postgresql-rhel8
*
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8
*
openshift-serverless-1/logic-jobs-service-postgresql-rhel8
*
openshift-serverless-1-logic-rhel8-operator-bundle-container
*
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8
*
openshift-serverless-1-logic-data-index-ephemeral-rhel8-container
*
openshift-serverless-1-logic-data-index-postgresql-rhel8-container
*
openshift-serverless-1-logic-jobs-service-ephemeral-rhel8-container
*
openshift-serverless-1-logic-jobs-service-postgresql-rhel8-container
*
openshift-serverless-1-logic-kn-workflow-cli-artifacts-rhel8-container
*
Notify package maintainers: 3
CVE-2023-6291
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @ANONYMOUS removed
    3 packages
    • pkgs.terraform-providers.keycloak 4.4.0
    • pkgs.python311Packages.python-keycloak 4.0.0
    • pkgs.python312Packages.python-keycloak 4.0.0
  • @LeSuisse accepted as draft
Keycloak: redirect_uri validation bypass

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

keycloak
rh-sso7-keycloak
*
rhbk/keycloak-rhel9
*
org.keycloak/keycloak-core
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
rh-sso-7/sso76-openshift-rhel8
*
rh-sso-7/sso7-rhel8-operator-bundle
*
Notify package maintainers: 3
CVE-2024-8698
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @ANONYMOUS removed
    3 packages
    • pkgs.terraform-providers.keycloak 4.4.0
    • pkgs.python311Packages.python-keycloak 4.0.0
    • pkgs.python312Packages.python-keycloak 4.0.0
  • @LeSuisse accepted as draft
Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.

keycloak
<25.0.5
eap8-hppc
*
eap8-log4j
*
eap8-slf4j
*
eap8-jctools
*
eap8-jgroups
*
eap8-wildfly
*
eap8-narayana
*
eap8-asyncutil
*
eap8-hibernate
*
eap8-saaj-impl
*
eap8-snakeyaml
*
eap8-apache-cxf
*
eap8-cryptacular
*
eap8-fastinfoset
*
rh-sso7-keycloak
*
eap8-aws-java-sdk
*
eap8-pem-keystore
*
eap8-aesh-readline
*
eap8-jboss-logging
*
eap8-objectweb-asm
*
eap8-artemis-native
*
rhbk/keycloak-rhel9
*
eap8-aesh-extensions
*
eap8-nimbus-jose-jwt
*
eap8-resteasy-spring
*
eap8-activemq-artemis
*
eap8-apache-commons-io
*
eap8-jboss-cert-helper
*
eap8-apache-commons-lang
*
eap8-hibernate-validator
*
eap8-resteasy-extensions
*
eap8-apache-commons-codec
*
eap8-insights-java-client
*
eap8-activemq-artemis-native
*
eap8-eap-product-conf-parent
*
eap8-shibboleth-java-support
*
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
rh-sso-7/sso76-openshift-rhel8
*
eap8-apache-commons-collections
*
org.keycloak/keycloak-saml-core
eap8-artemis-wildfly-integration
*
eap8-jakarta-servlet-jsp-jstl-api
*
org.keycloak/keycloak-saml-core-public
Notify package maintainers: 3
CVE-2024-1249
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @ANONYMOUS removed
    3 packages
    • pkgs.python312Packages.python-keycloak 4.0.0
    • pkgs.python311Packages.python-keycloak 4.0.0
    • pkgs.terraform-providers.keycloak 4.4.0
  • @LeSuisse accepted as draft
Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

keycloak
<24.0.3
<22.0.10
mta/mta-ui-rhel8
mta/mta-ui-rhel9
rh-sso7-keycloak
*
rhdh-hub-container
rhbk/keycloak-rhel9
*
keycloak-adapter-eap6
keycloak-adapter-sso7_2-eap6
keycloak-adapter-sso7_3-eap6
keycloak-adapter-sso7_4-eap6
keycloak-adapter-sso7_5-eap6
org.keycloak-keycloak-parent
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*
rh-sso-7/sso76-openshift-rhel8
*
openshift-serverless-1/logic-rhel8-operator
*
openshift-serverless-1/logic-operator-bundle
*
openshift-serverless-1/logic-swf-builder-rhel8
*
openshift-serverless-1/logic-swf-devmode-rhel8
*
openshift-serverless-1-logic-rhel8-operator-container
*
openshift-serverless-1/logic-data-index-ephemeral-rhel8
*
openshift-serverless-1-logic-swf-builder-rhel8-container
*
openshift-serverless-1-logic-swf-devmode-rhel8-container
*
openshift-serverless-1/logic-data-index-postgresql-rhel8
*
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8
*
openshift-serverless-1/logic-jobs-service-postgresql-rhel8
*
openshift-serverless-1-logic-rhel8-operator-bundle-container
*
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8
*
openshift-serverless-1-logic-data-index-ephemeral-rhel8-container
*
openshift-serverless-1-logic-data-index-postgresql-rhel8-container
*
openshift-serverless-1-logic-jobs-service-ephemeral-rhel8-container
*
openshift-serverless-1-logic-jobs-service-postgresql-rhel8-container
*
openshift-serverless-1-logic-kn-workflow-cli-artifacts-rhel8-container
*
Notify package maintainers: 3
CVE-2024-10525
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 2 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    2 packages
    • pkgs.haskellPackages.mosquitto-hs 0.1.0.0
    • pkgs.chickenPackages_5.chickenEggs.mosquitto 0.1.5
  • @LeSuisse accepted as draft
Eclipse Mosquito: Heap Buffer Overflow in my_subscribe_callback

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

mosquitto
=<2.0.18

pkgs.mosquitto

Open source MQTT v3.1/3.1.1/5.0 broker
Notify package maintainers: 1
CVE-2024-45691
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 2 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    3 packages
    • pkgs.texlivePackages.moodle 1.0
    • pkgs.moodle-dl 2.2.2.4
    • pkgs.moodle-dl 2.3.12
  • @LeSuisse accepted as draft
Moodle: lesson activity password bypass through php loose comparison

A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.

moodle
<4.3.7
<4.4.3
<4.2.10
<4.1.13

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP
Notify package maintainers: 1
CVE-2024-10573
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse removed package pkgs.haskellPackages.mpg123-bindings 0.1.0.0
  • @LeSuisse accepted as draft
Mpg123: buffer overflow when writing decoded pcm samples

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.

mpg123

pkgs.mpg123

Fast console MPEG Audio Player and decoder library

pkgs.libmpg123

Fast console MPEG Audio Player and decoder library
Notify package maintainers: 1
CVE-2024-3935
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 2 weeks, 1 day ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    2 packages
    • pkgs.haskellPackages.mosquitto-hs 0.1.0.0
    • pkgs.chickenPackages_5.chickenEggs.mosquitto 0.1.5
  • @LeSuisse accepted as draft
Eclipse Mosquito: Double free vulnerability

In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.

mosquitto
=<2.0.18

pkgs.mosquitto

Open source MQTT v3.1/3.1.1/5.0 broker
Notify package maintainers: 1