Description
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.
Remediation
References
https://access.redhat.com/security/cve/cve-2020-35509
Related Vulnerabilities
CVE-2020-11969 Vulnerability in maven package org.apache.tomee:openejb-core
CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee8:jetty-ee8-servlets
CVE-2017-5662 Vulnerability in maven package batik:batik-dom
CVE-2020-6541 Vulnerability in npm package electron
CVE-2018-1270 Vulnerability in maven package org.springframework:spring-messaging