Lucene search
RedhatCVELIST:CVE-2017-12159HistoryOct 17, 2017 - 12:00 a.m.
CVE-2017-12159
2017-10-1700:00:00
CWE-613
redhat
www.cve.org
6
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.
CNA Affected
[
{
"product": "keycloak",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "3.4.0"
}
]
}
]Related
prion
prion
Information disclosure
2017-10-26 17:29:00
redhatcve
redhatcve
CVE-2017-12159
2019-10-06 20:47:35
github
github
Keycloak CSRF Vulnerability
2022-05-13 01:38:14
nvd
nvd
CVE-2017-12159
2017-10-26 17:29:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2017-10-27 02:09:32
osv
osv
CGA-mrv4-ccrx-m6pr
2024-06-06 12:28:34
Keycloak CSRF Vulnerability
2022-05-13 01:38:14
cve
cve
CVE-2017-12159
2017-10-26 17:29:00
nessus
nessus
RHEL 6 : rh-sso7-keycloak (RHSA-2017:2904)
2017-10-19 00:00:00
RHEL 7 : rh-sso7-keycloak (RHSA-2017:2905)
2017-10-19 00:00:00
redhat
redhat
(RHSA-2017:2904) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:36
(RHSA-2017:2906) Moderate: Red Hat Single Sign-On security update
2017-10-17 19:41:35
(RHSA-2017:2905) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:56