Vulnerability Details CVE-2017-7474
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2017-7474
-
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.0
-
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.1
-
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.2
-
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.3
-
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.4
-
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.5
-
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.6
-
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:2.5.7
-
cpe:2.3:a:keycloak:keycloak-nodejs-auth-utils:3.0.0