New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
HIGH 8.2 Maven

Duplicate Advisory: Keycloak hostname verification

GHSA-r934-w73g-v4p8

Published · Modified

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-hw58-3793-42gg. This link is maintained to preserve external references.

Original Description

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

Ready to move

Start Securing

Free, no credit card | First findings in minutes