CVE-2014-3655: Cross-Site Request Forgery (CSRF)

November 13, 2019 (updated November 14, 2019)

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

References

bugzilla.redhat.com/CVE-2014-3655
issues.jboss.org/browse/KEYCLOAK-705

Code Behaviors & Features

Detect and mitigate CVE-2014-3655 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →