PT-2025-54693 · Maven · Org.Keycloak:Keycloak-Ldap-Federation
Publicado
2025-11-25
·
Atualizado
2025-11-25
CVSS v3.1
5.5
Média
| Vetor | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N |
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references.
Original Description
A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.
Correção
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Org.Keycloak:Keycloak-Ldap-Federation