Improve Keycloak templates

patch-1
Thibault Soubiran 2023-02-10 22:01:43 +01:00
parent 944996ff12
commit 8d26b3fea5
6 changed files with 11 additions and 11 deletions

View File

@ -1,10 +1,10 @@
id: CVE-2020-10770 id: CVE-2020-10770
info: info:
name: Keycloak 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF) name: Keycloak <= 12.0.1 - request_uri blind Server-Side Request Forgery (SSRF)
author: dhiyaneshDk author: dhiyaneshDk
severity: medium severity: medium
description: Keycloak 12.0.1 and below allow an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack. description: Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.
reference: reference:
- https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html - https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
- https://www.exploit-db.com/exploits/50405 - https://www.exploit-db.com/exploits/50405
@ -14,7 +14,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-score: 5.3 cvss-score: 5.3
cve-id: CVE-2020-10770 cve-id: CVE-2020-10770
cwe-id: CWE-601 cwe-id: CWE-918
tags: keycloak,ssrf,oast,cve,cve2020,blind,packetstorm,edb tags: keycloak,ssrf,oast,cve,cve2020,blind,packetstorm,edb
requests: requests:

View File

@ -1,7 +1,7 @@
id: key-cloak-admin-panel id: keycloak-admin-panel
info: info:
name: Keycloak Admin Login Panel - Detect name: Keycloak admin login panel - Detect
author: incogbyte,righettod,daffainfo author: incogbyte,righettod,daffainfo
severity: info severity: info
description: Keycloak admin login panel was detected. description: Keycloak admin login panel was detected.

View File

@ -1,7 +1,7 @@
id: keycloak-openid-config id: keycloak-openid-config
info: info:
name: Keycloak Openid Config - Detect name: Keycloak OpenID configuration - Detect
author: rodnt author: rodnt
severity: info severity: info
description: Keycloak Openid configuration information was detected. description: Keycloak Openid configuration information was detected.

View File

@ -1,7 +1,7 @@
id: keycloak-json id: keycloak-json
info: info:
name: Keycloak Json File name: Keycloak JSON file
author: oppsec author: oppsec
severity: info severity: info
tags: exposure,keycloak,config,files tags: exposure,keycloak,config,files

View File

@ -1,11 +1,11 @@
id: keycloak-workflow id: keycloak-workflow
info: info:
name: Keycloak Security Checks name: Keycloak security checks
author: daffainfo author: daffainfo
description: A simple workflow that runs all Keycloak related nuclei templates on a given target. description: A simple workflow that runs all Keycloak related nuclei templates on a given target.
workflows: workflows:
- template: exposed-panels/key-cloak-admin-panel.yaml - template: exposed-panels/keycloak-admin-panel.yaml
subtemplates: subtemplates:
- tags: keycloak - tags: keycloak