org.keycloak:keycloak-ldap-federation (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.keycloak:keycloak-ldap-federation, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2022-2232 — CVSS 7.5 (high): A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or…
CVE-2025-13467 — CVSS 5.5 (medium): A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger…
CVE-2025-0604 — CVSS 5.4 (medium): A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to…
CVE-2024-5967 — CVSS 2.7 (low): A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the…