keycloak-auth-utils is vulnerable to privilege escalation attacks. The vulnerability exists because validateGrant() does not properly perform token validation. As a result, attackers can bypass authentication with invalid tokens, gain unauthorized access to restricted information, and possibly launch other attacks.