WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-1744 Vulnerability in maven package org.keycloak:keycloak-services

Description

A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.

Remediation

References

https://access.redhat.com/security/cve/CVE-2020-1744

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744

Related Vulnerabilities

CVE-2021-39231 Vulnerability in maven package org.apache.ozone:ozone-main

CVE-2015-5256 Vulnerability in npm package cordova-android

CVE-2023-37949 Vulnerability in maven package io.jenkins.plugins:macstadium-orka

CVE-2022-40634 Vulnerability in maven package org.craftercms:craftercms

CVE-2022-34805 Vulnerability in maven package org.jenkins-ci.plugins:skype-notifier

Severity

Medium

Classification

CWE-755 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Vendor Advisory Issue Tracking