CVE-2018-14637: Improper Authentication

December 21, 2018 (updated September 10, 2021)

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.

References

github.com/advisories/GHSA-gf2j-7qwg-4f5x
nvd.nist.gov/vuln/detail/CVE-2018-14637

Code Behaviors & Features

Detect and mitigate CVE-2018-14637 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →