Untriaged
Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers
A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.
Affected products
keycloak
- <26.0.8
rhbk/keycloak-rhel9
- *
rhbk/keycloak-rhel9-operator
- *
rhbk/keycloak-operator-bundle
- *
org.keycloak/keycloak-quarkus-server
Matching in nixpkgs
pkgs.keycloak
Identity and access management for modern applications and services
-
nixos-unstable -
- nixpkgs-unstable 26.3.4
pkgs.terraform-providers.keycloak
None
-
nixos-unstable -
- nixpkgs-unstable 5.4.0
pkgs.python312Packages.python-keycloak
Provides access to the Keycloak API
-
nixos-unstable -
- nixpkgs-unstable 4.0.0
pkgs.python313Packages.python-keycloak
Provides access to the Keycloak API
-
nixos-unstable -
- nixpkgs-unstable 4.0.0
Package maintainers
-
@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>
-
@leona-ya Leona Maroni <nix@leona.is>