Description
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201