CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-7474

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile26.61th
Published2017年5月12日
Last Modified2026年5月13日

Vulnerability Description

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

Affected Platforms (CPE)

📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.0
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.0
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.1
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.2
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.3
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.4
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.5
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.6
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.7
📦
Keycloak

Keycloak Nodejs Auth Utils

= 3.0.0
📦
Keycloak

Keycloak Nodejs Auth Utils

= 3.0.0

References & Advisories

🔗 http://rhn.redhat.com/errata/RHSA-2017-1203.html
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1445271
🔗 http://rhn.redhat.com/errata/RHSA-2017-1203.html
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1445271

相关漏洞威胁

CVE-2017-278810.0

A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet ...

CVE-2017-772210.0

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ...

CVE-2017-278510.0

An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially cra...

CVE-2017-232010.0

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenti...