CVE-2020-35509

Improper Certificate Validation in maven/org.keycloak/keycloak-core

Identifiers

GHSA-rpj2-w6fr-79hc, CVE-2020-35509

Package Slug

maven/org.keycloak/keycloak-core

Vulnerability

Improper Certificate Validation

Description

Keycloak's direct-grant authenticator accepts an expired certificate because timestamp validation is missing. The highest threat from this vulnerability is to data confidentiality and integrity.

Affected Versions

All versions before 14.0.0

Solution

Upgrade to version 14.0.0 or above.

Last Modified

2022-12-07
