Description
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.
Remediation
References
https://access.redhat.com/security/cve/cve-2020-35509
Related Vulnerabilities
CVE-2020-6454 Vulnerability in npm package electron
CVE-2017-2652 Vulnerability in maven package org.jvnet.hudson.plugins:distfork
CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-managesieve
CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal
CVE-2017-5662 Vulnerability in maven package org.eclipse.birt.runtime.3_7_1:org.apache.batik.dom