org.keycloak:keycloak-ldap-federation
Maven · 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.keycloak:keycloak-ldap-federation (page 1 of 1)
- CVE-2022-2232 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 23.0.1 · 2024-11-14
  vulnerable: 1.0-beta-4 ... 9.0.3 (151 versions)
  A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.
- CVE-2024-5967 · LOW · CVSS 2.7 · EG 2.7 · ✓ Fixed in 24.0.6 · 2024-06-18
  vulnerable: 23.0.0 ... 24.0.5 (14 versions)
  A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permis…
- CVE-2025-0604 · MEDIUM · CVSS 5.4 · EG 5.4 · ✓ Fixed in 26.0.10 · 2025-01-22
  vulnerable: 1.0-beta-4 ... 9.0.3 (180 versions)
  A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expi…
- CVE-2025-13467 · MEDIUM · CVSS 5.5 · EG 5.5 · ✓ Fixed in 26.2.11 · 2025-11-25
  vulnerable: 1.0-beta-4 ... 9.0.3 (192 versions)
  A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.