Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Red Hat
Red Hat Build Of Keycloak 22

Red Hat build of Keycloak 22 Vulnerabilities: CVEs, CISA KEV & Security Advisories

18 CVEs

Red Hat build of Keycloak 22 Vulnerabilities

CVE security advisories and vulnerability history for Red Hat build of Keycloak 22 by Red Hat.

18

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

1

Public exploits

With known exploit

6.0

Avg CVSS

2023–2024

Last updated November 17, 2024

Overview

Red Hat build of Keycloak 22 has 18 published CVE records since 2023, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 1 have a known public exploit. The average CVSS base score across scored CVEs is 6.0.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Red Hat build of Keycloak 22, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of Red Hat build of Keycloak 22's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High7

Medium9

Low2

In CISA’s Known Exploited Vulnerabilities catalog

0

None of Red Hat build of Keycloak 22's CVEs are currently listed in CISA's KEV catalog.

Public exploits

1

One of Red Hat build of Keycloak 22's CVEs has a known public exploit available.

Affected versions and CVEs

Browse every Red Hat build of Keycloak 22 version named in a CVE, then pick one to see only the CVEs that affect it.

Default status

All versions18 CVEs

Find a version

18 CVEs

Sort

Low vulnerability · 2024-11-17
CVE-2023-0657
Patch
CWE-273
Low · CVSS 3.4
EPSS 0.1% (17th pct)2024-11-17
Keycloak: vulnerable redirect uri validation results in open redirec
CVE-2024-8883
Patch
CWE-601
Medium · CVSS 6.1
EPSS 6.6% (91th pct)2024-09-19
Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak
CVE-2024-8698
Patch
CWE-347
High · CVSS 7.7
EPSS 82.2% (99th pct)2024-09-19
Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
CVE-2024-7341
Patch
CWE-384
High · CVSS 7.1
EPSS 2.2% (85th pct)2024-09-09
Keycloak: potential bypass of brute force protection
CVE-2024-4629
Patch
CWE-837
Medium · CVSS 6.5
EPSS 0.4% (64th pct)2024-09-03
Keycloak: leak of configured ldap bind credentials through the keycloak admin console
CVE-2024-5967
Patch
CWE-276
Low · CVSS 2.7
EPSS 0.1% (26th pct)2024-06-18
Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie
CVE-2024-4540
Patch
CWE-312
High · CVSS 7.5
EPSS 0.3% (54th pct)2024-06-03
Keycloak: session hijacking via re-authentication
CVE-2023-6787
Patch
CWE-287
Medium · CVSS 6.5
EPSS 0.6% (69th pct)2024-04-25
Keycloak: xss via assertion consumer service url in saml post-binding flow
CVE-2023-6717
Patch
CWE-79
Medium · CVSS 6.0
EPSS 0.1% (28th pct)2024-04-25
Keycloak: authorization bypass
CVE-2023-6544
Patch
CWE-625
Medium · CVSS 5.4
EPSS 1.3% (80th pct)2024-04-25
Keycloak: log injection during webauthn authentication or registration
CVE-2023-6484
Patch
CWE-117
Medium · CVSS 5.3
EPSS 0.6% (70th pct)2024-04-25
Keycloak: secondary factor bypass in step-up authentication
CVE-2023-3597
Patch
CWE-287
Medium · CVSS 5.0
EPSS 0.1% (26th pct)2024-04-25
Keycloak: path traversal in the redirect validation
CVE-2024-2419
Patch
CWE-601
High · CVSS 7.1
EPSS 0.1% (21th pct)2024-04-17
Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos
CVE-2024-1249
Patch
CWE-346
High · CVSS 7.4
EPSS 0.2% (46th pct)2024-04-17
Keycloak: path transversal in redirection validation
CVE-2024-1132
Public exploit
Patch
Workaround
CWE-22
High · CVSS 8.1
EPSS 0.3% (56th pct)2024-04-17
Keycloak: redirect_uri validation bypass
CVE-2023-6291
Patch
CWE-601
High · CVSS 7.1
EPSS 0.2% (39th pct)2024-01-26
Keycloak: open redirect via "form_post.jwt" jarm response mode
CVE-2023-6927
Patch
CWE-601
Medium · CVSS 4.6
EPSS 0.8% (75th pct)2023-12-18
Keycloak: reflected xss via wildcard in oidc redirect_uri
CVE-2023-6134
Patch
CWE-79
Medium · CVSS 4.6
EPSS 2.5% (86th pct)2023-12-14

Common weakness types

The CWE weakness categories most often found in Red Hat build of Keycloak 22 CVEs. Follow any weakness for its full explanation.

CWE-601URL Redirection to Untrusted Site ('Open Redirect')4 CVEs
CWE-287Improper Authentication2 CVEs
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2 CVEs
CWE-276Incorrect Default Permissions1 CVE
CWE-312Cleartext Storage of Sensitive Information1 CVE
CWE-346Origin Validation Error1 CVE
CWE-347Improper Verification of Cryptographic Signature1 CVE
CWE-384Session Fixation1 CVE

Disclosure activity by year

How many Red Hat build of Keycloak 22 CVEs were published each year.

2023

2

2024

16

Other Red Hat products

Browse vulnerabilities for other products by Red Hat.

Red Hat Enterprise Linux 9678 CVEs Red Hat Enterprise Linux 8672 CVEs Red Hat Enterprise Linux 7581 CVEs Red Hat Enterprise Linux 6537 CVEs Red Hat Enterprise Linux 10386 CVEs Red Hat OpenShift Container Platform 4188 CVEs Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support129 CVEs Red Hat Enterprise Linux 9.4 Extended Update Support118 CVEs

All Red Hat vulnerabilities

Frequently asked questions

Common questions about Red Hat build of Keycloak 22 vulnerabilities.

How many CVEs does Red Hat Red Hat build of Keycloak 22 have?

Red Hat Red Hat build of Keycloak 22 has 18 published CVE records since 2023.

How many Red Hat Red Hat build of Keycloak 22 CVEs are in CISA KEV?

None of Red Hat Red Hat build of Keycloak 22's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for Red Hat Red Hat build of Keycloak 22 vulnerabilities?

Yes — 1 of Red Hat Red Hat build of Keycloak 22's CVEs have a known public exploit.

Which versions of Red Hat Red Hat build of Keycloak 22 are affected?

1 distinct Red Hat Red Hat build of Keycloak 22 version is named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in Red Hat Red Hat build of Keycloak 22 CVEs?

Red Hat Red Hat build of Keycloak 22's CVEs most often map to these CWE weakness types: CWE-601 (URL Redirection to Untrusted Site ('Open Redirect')), CWE-287 (Improper Authentication), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-276 (Incorrect Default Permissions).

What is the average severity of Red Hat Red Hat build of Keycloak 22 CVEs?

The average CVSS base score across Red Hat Red Hat build of Keycloak 22's scored CVEs is 6.0.

References

All Red Hat vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Red Hat build of Keycloak 22 vulnerabilities

Monitor new Red Hat build of Keycloak 22 vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References