Threat and Vulnerability Intelligence Database

CVE-2025-0604

Description: Keycloak does not perform an LDAP bind after a password reset, so an Active Directory account that is expired or disabled can potentially still complete authentication through the reset flow, bypassing the account state enforced by AD. The fix is to bind against LDAP after the password update so that the outcome stays consistent with AD authentication policy.

References:
https://github.com/keycloak/keycloak/security/advisories/GHSA-2p82-5wwr-43cw
https://nvd.nist.gov/vuln/detail/CVE-2025-0604
https://access.redhat.com/errata/RHSA-2025:2545
https://access.redhat.com/security/cve/CVE-2025-0604
https://bugzilla.redhat.com/show_bug.cgi?id=2338993
https://github.com/advisories/GHSA-2p82-5wwr-43cw
Source: Github Advisory Database (Maven)
March 10th, 2025 (4 months ago)
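The check the advisory calls for, as an added example that is not Keycloak code: after the password is written, perform a fresh LDAP bind with the new password and let the directory decide whether the account may log in. The AD sub-code table and the shape of the diagnostic message are real Active Directory behaviour; the directory, the user DNs and the `bind` callable are constructed stand-ins (with ldap3 the callable would wrap `Connection.bind()` and read `conn.result['message']`, which is an assumed usage, not shown here).

```python
import re

# Added illustration, not Keycloak code: after a password reset, bind again
# with the new password and trust the directory's verdict on account state.

# Active Directory puts an NT status sub-code in the bind diagnostic message:
#   "80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v1db1"
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon time restriction",
    "531": "workstation restriction",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
_DATA_RE = re.compile(r"\bdata ([0-9a-f]{3})\b")


def classify_bind_failure(diagnostic):
    """Map an AD bind diagnostic string to a human-readable reason."""
    m = _DATA_RE.search(diagnostic or "")
    if not m:
        return "bind failed"
    return AD_SUBCODES.get(m.group(1), "unknown AD sub-code " + m.group(1))


def finish_password_reset(user_dn, new_password, bind):
    """Complete the reset only if the directory accepts a bind with the new password.

    `bind(dn, password)` returns (ok, diagnostic). Returns (allowed, reason).
    A disabled or expired account is refused here even though its password
    was just changed successfully.
    """
    ok, diagnostic = bind(user_dn, new_password)
    if ok:
        return True, "bind succeeded"
    return False, classify_bind_failure(diagnostic)


# --- constructed stand-in for an AD directory (not real data) ---------------
_FAKE_DIRECTORY = {
    "CN=alice,OU=Users,DC=corp,DC=example": {"password": "N3w-Pass!", "state": None},
    "CN=bob,OU=Users,DC=corp,DC=example":   {"password": "N3w-Pass!", "state": "533"},
    "CN=carol,OU=Users,DC=corp,DC=example": {"password": "N3w-Pass!", "state": "532"},
}


def _ad_error(subcode):
    return ("80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext "
            "error, data %s, v1db1" % subcode)


def fake_ad_bind(dn, password):
    """Mimics AD simple-bind outcomes; constructed for this example only."""
    entry = _FAKE_DIRECTORY.get(dn)
    if entry is None:
        return False, _ad_error("525")
    if entry["password"] != password:
        return False, _ad_error("52e")
    if entry["state"]:
        return False, _ad_error(entry["state"])
    return True, ""


if __name__ == "__main__":
    for dn in _FAKE_DIRECTORY:
        print(dn, finish_password_reset(dn, "N3w-Pass!", fake_ad_bind))
```

The point of the sub-code table is operational: a post-reset bind that fails with 532 or 533 should end the session and be logged as an account-state refusal, not surfaced as a generic "wrong password".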
CVE-2025-1391

Description: Keycloak maps users to organizations based solely on email/username patterns. The flaw is limited to the token claim level: the user is not actually added to the organization, but applications that trust the organization claims in the token will treat the user as a member. The risk grows where self-registration is enabled and unrestricted, because an attacker can register an account whose email or username matches the pattern. Restricting registration or applying strict validation mitigates the issue.

References:
https://github.com/keycloak/keycloak/security/advisories/GHSA-gvgg-2r3r-53x7
https://nvd.nist.gov/vuln/detail/CVE-2025-1391
https://github.com/keycloak/keycloak/commit/5aa2b4c75bb474303ab807017582bc01a9f7e378
https://access.redhat.com/errata/RHSA-2025:2545
https://access.redhat.com/security/cve/CVE-2025-1391
https://bugzilla.redhat.com/show_bug.cgi?id=2346082
https://github.com/advisories/GHSA-gvgg-2r3r-53x7

EPSS Score: 0.03%

Source: Github Advisory Database (Maven)
March 10th, 2025 (4 months ago)
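The claim-level problem described above, as an added example that is not Keycloak code: a claim mapper that infers organization membership from the email domain (one such pattern; the exact pattern Keycloak used is an assumption here) beside one that only reports organizations the user was explicitly added to, plus the registration gate the advisory names as a mitigation. The organization, its domain, the claim name and the two users are constructed.

```python
from dataclasses import dataclass, field

# Added illustration, not Keycloak code. Organization domains, member sets,
# the sample users and the "organization" claim name are constructed/assumed.


@dataclass
class Organization:
    alias: str
    domains: frozenset
    members: set = field(default_factory=set)   # user ids explicitly added


@dataclass
class User:
    id: str
    email: str


def organization_claim_by_pattern(user, orgs):
    """Vulnerable: infers membership from the email domain alone, so anyone
    who can register an address in the domain appears as a member."""
    domain = user.email.rpartition("@")[2].lower()
    return sorted(o.alias for o in orgs if domain in o.domains)


def organization_claim_by_membership(user, orgs):
    """Hardened: emit only organizations the user was actually added to."""
    return sorted(o.alias for o in orgs if user.id in o.members)


def self_registration_allowed(email, orgs, registration_open):
    """Mitigation from the advisory: either close self-registration or refuse
    addresses in a domain that belongs to an organization."""
    if not registration_open:
        return False
    domain = email.rpartition("@")[2].lower()
    return not any(domain in o.domains for o in orgs)


# Constructed scenario: alice is a real member, mallory self-registered with
# an address in the organization's domain.
ORGS = [Organization("acme", frozenset({"acme.example"}), {"u-alice"})]
ALICE = User("u-alice", "alice@acme.example")
MALLORY = User("u-mallory", "ceo@acme.example")

if __name__ == "__main__":
    for u in (ALICE, MALLORY):
        print(u.email,
              "pattern:", organization_claim_by_pattern(u, ORGS),
              "membership:", organization_claim_by_membership(u, ORGS))
```

Relying parties should also treat an organization claim as advisory unless the issuer is known to derive it from membership; the hardened mapper is what makes the claim trustworthy.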
Description: Threat Attack Daily - March 10th, 2025
Source: DarkWebInformer
March 10th, 2025 (4 months ago)

CVE-2025-27913

Description: Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.

CVSS: LOW (2.1)

EPSS Score: 0.02%

Source: CVE
March 10th, 2025 (4 months ago)
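The failure mode behind this entry, as an added example that is not Passbolt code: a helper that builds the links in outgoing mail from the request's Host header, beside one that uses a configured full base URL and refuses requests whose Host header does not match it. The setting name, the recovery path and the Host values are constructed assumptions.

```python
from urllib.parse import urlsplit

# Added illustration, not Passbolt code. The base-URL setting, the recovery
# path and the Host header values below are constructed for this example.

CONFIGURED_BASE_URL = "https://passbolt.corp.example"   # assumed full base URL setting


def base_url_from_host(headers):
    """Vulnerable: trusts the client-supplied Host header."""
    return "https://" + headers["Host"]


def base_url_from_config(headers, configured=CONFIGURED_BASE_URL):
    """Hardened: always use the configured base URL, and reject requests whose
    Host header disagrees with it, which catches both a spoofed header and a
    server that was never given a full base URL."""
    expected = urlsplit(configured).netloc.lower()
    host = headers.get("Host", "").strip().lower()
    if host != expected:
        raise ValueError("Host header %r does not match configured base URL host %r"
                         % (host, expected))
    return configured


def recovery_email_link(token, base_url):
    """Link placed in an account-recovery email (path is assumed)."""
    return base_url.rstrip("/") + "/setup/recover/" + token


def attacker_poisons_recovery_link(token):
    """Outcome with the vulnerable helper when the attacker sets Host."""
    spoofed = {"Host": "passbolt.attacker.example"}
    return recovery_email_link(token, base_url_from_host(spoofed))


def hardened_rejects_spoofed_host():
    spoofed = {"Host": "passbolt.attacker.example"}
    try:
        base_url_from_config(spoofed)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", attacker_poisons_recovery_link("tok123"))
    print("hardened rejects spoof:", hardened_rejects_spoofed_host())
    print("hardened link:", recovery_email_link(
        "tok123", base_url_from_config({"Host": "passbolt.corp.example"})))
```

A recovery link pointing at an attacker-controlled host is what turns a cosmetic Host header problem into credential or token capture, which is why the hardened version fails closed instead of falling back to the header.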

CVE-2025-2137

Description: Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

EPSS Score: 0.07%

Source: CVE
March 10th, 2025 (4 months ago)

CVE-2025-2136

Description: Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

EPSS Score: 0.09%

Source: CVE
March 10th, 2025 (4 months ago)

CVE-2025-2135

Description: Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

EPSS Score: 0.07%

Source: CVE
March 10th, 2025 (4 months ago)

CVE-2025-1920

Description: Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

EPSS Score: 0.07%

Source: CVE
March 10th, 2025 (4 months ago)

CVE-2025-0660

Description: Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in the Folder function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks to Alfin Joseph for reporting.

CVSS: MEDIUM (4.8)

EPSS Score: 0.18%

Source: CVE
March 10th, 2025 (4 months ago)

CVE-2024-56192

Description: In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.01%

Source: CVE
March 10th, 2025 (4 months ago)