Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-5416

updated 3 months, 2 weeks ago by @LeSuisse Activity log

Created automatic suggestion 5 months ago
@LeSuisse removed
3 packages
- terraform-providers.keycloak
- python312Packages.python-keycloak
- python313Packages.python-keycloak
3 months, 2 weeks ago

Keycloak-core: keycloak environment information

A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.

Affected products

keycloak

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable -
- nixpkgs-unstable 26.3.4

Package maintainers

@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@leona-ya Leona Maroni <nix@leona.is>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.keycloak

Package maintainers