[GHSA-rg35-5v25-mqvp] Keycloak vulnerable to session takeovers due to reuse of session identifiers #6400

levpachmanov · 2025-11-08T11:09:46Z

Updates

Affected products

Comments
According to Snyk it was fixed in 26.0.0 - https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-13743318
And it matches the fact that the fixing commit is already present in that version - keycloak/keycloak@b46fab2

advisory-database · 2025-11-12T16:00:28Z

Hi @levpachmanov! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

Improve GHSA-rg35-5v25-mqvp

2c34845

github-actions bot changed the base branch from main to levpachmanov/advisory-improvement-6400 November 8, 2025 11:10

advisory-database bot merged commit 3715ed8 into levpachmanov/advisory-improvement-6400 Nov 12, 2025
4 checks passed

advisory-database bot deleted the levpachmanov-GHSA-rg35-5v25-mqvp branch November 12, 2025 16:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[GHSA-rg35-5v25-mqvp] Keycloak vulnerable to session takeovers due to reuse of session identifiers #6400

[GHSA-rg35-5v25-mqvp] Keycloak vulnerable to session takeovers due to reuse of session identifiers #6400

Uh oh!

levpachmanov commented Nov 8, 2025

Uh oh!

Uh oh!

advisory-database bot commented Nov 12, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[GHSA-rg35-5v25-mqvp] Keycloak vulnerable to session takeovers due to reuse of session identifiers #6400

[GHSA-rg35-5v25-mqvp] Keycloak vulnerable to session takeovers due to reuse of session identifiers #6400

Uh oh!

Conversation

levpachmanov commented Nov 8, 2025

Uh oh!

Uh oh!

advisory-database bot commented Nov 12, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants