Red Hat Rhosemc
By the Year
So far in 2026 there have been 0 vulnerabilities published for Red Hat Rhosemc. In 2025, Rhosemc had 4 security vulnerabilities published. On that count, Rhosemc is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 5.93 |
| 2024 | 13 | 6.50 |
| 2023 | 6 | 6.00 |
It may take a day or so for new Rhosemc vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Rhosemc Security Vulnerabilities
AMQ Broker Container Priv Esc via /etc/passwd Group-Writable
CVE-2025-58712
5.2 - Medium
- October 22, 2025
A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Incorrect Default Permissions
Operator SDK <0.15.2 Container Priv Esc via insecure user_setup /etc/passwd
CVE-2025-7195
5.2 - Medium
- August 07, 2025
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Incorrect Default Permissions
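As an added example (not code from either advisory, from Red Hat or from Operator-SDK), the following Python checks a passwd file for the build-time condition both entries describe (group-writable, group root) and shows what an attacker who is merely a member of gid 0 would append to it. The demo() helper, the temporary file it creates, the sample passwd contents and the suggested `chmod g-w` fix are constructed for illustration.

```python
import os
import stat
import tempfile


def check_passwd(path="/etc/passwd"):
    """Inspect a passwd file for the unsafe build-time permissions.

    The advisories describe mode 664 with group ownership root (gid 0): any
    process whose groups include gid 0 can then rewrite the file, even with a
    non-zero uid.
    """
    st = os.stat(path)
    group_writable = bool(st.st_mode & stat.S_IWGRP)
    return {
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "gid": st.st_gid,
        "group_writable": group_writable,
        # Exploitable only when the writable group is root's group.
        "vulnerable": group_writable and st.st_gid == 0,
    }


def inject_root_user(passwd_text, username="backdoor"):
    """Return passwd_text with a uid 0 / gid 0 entry appended.

    This is the attacker's step: an empty password field means no password is
    required, so switching to this user yields a real root shell inside the
    container. Constructed to show the impact, not to be run on a real system.
    """
    entry = f"{username}::0:0:{username}:/root:/bin/sh\n"
    if not passwd_text.endswith("\n"):
        passwd_text += "\n"
    return passwd_text + entry


def uid_for(passwd_text, username):
    """Look up the numeric uid of `username` in passwd_text (None if absent)."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[0] == username:
            return int(fields[2])
    return None


def demo():
    """Build a throwaway file with the unsafe mode, then with the fixed mode.

    Returns the two group_writable flags; the gid part of the check depends on
    who runs this, so only the mode bit is exercised here.
    """
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o664)   # what the insecure user_setup script produced
        unsafe = check_passwd(path)["group_writable"]
        os.chmod(path, 0o644)   # assumed fix: drop group write (RUN chmod g-w /etc/passwd)
        safe = check_passwd(path)["group_writable"]
    finally:
        os.remove(path)
    return unsafe, safe


if __name__ == "__main__":
    print(check_passwd())
    sample = "root:x:0:0:root:/root:/bin/bash\napp:x:1001:0::/home/app:/bin/sh\n"
    print(uid_for(inject_root_user(sample), "backdoor"))  # 0
    print(demo())  # (True, False)
```

Run check_passwd() inside a suspect image (for example via `kubectl exec` or `podman run --rm IMAGE python3 check.py`) to audit it; a result with `vulnerable: True` means anyone who can execute commands in that container as a gid 0 member can become uid 0.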
PAM Namespace Race: Local Privilege Escalation via Symlinks in linux-pam
CVE-2025-6020
7.8 - High
- June 17, 2025
A flaw was found in linux-pam. The pam_namespace module may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Directory traversal
ActiveMQ Artemis: Operator Password Persistence Across CR Dependencies
CVE-2025-4057
5.5 - Medium
- May 26, 2025
A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.
Use of Weak Credentials
XSS in WildFly Deployment System Allows Malicious Deployment
CVE-2024-10234
6.1 - Medium
- October 22, 2024
A vulnerability was found in WildFly, where a user may perform cross-site scripting in the WildFly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior on the server.
XSS
Keycloak XMLSignatureUtil flaw: SAML sig validation bypass for privilege escalation
CVE-2024-8698
7.7 - High
- September 19, 2024
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
Improper Verification of Cryptographic Signature
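To make the scoping mistake concrete, here is an added Python example (not Keycloak's code and not its fix) that contrasts the two ways of deciding what a SAML signature covers: by where the ds:Signature element sits in the document, versus by the ID its ds:Reference URI names. The SAML response, its IDs and the placeholder SignatureValue are constructed; cryptographic verification of the signature bytes is deliberately out of scope, since the flaw is in deciding the signature's scope before any verification happens.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
DS_SIGNATURE = f"{{{DS}}}Signature"
DS_REFERENCE = f"{{{DS}}}Reference"
SAML_ASSERTION = f"{{{SAML}}}Assertion"


def signature_references(xml_text):
    """Return [(ID of the element enclosing each ds:Signature, ID its ds:Reference names)]."""
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    out = []
    for sig in root.iter(DS_SIGNATURE):
        enclosing = parent_of[sig]
        ref = sig.find(f".//{DS_REFERENCE}")
        uri = ref.get("URI", "") if ref is not None else ""
        out.append((enclosing.get("ID"), uri[1:] if uri.startswith("#") else uri))
    return out


def document_signed_by_position(xml_text):
    """The flawed heuristic: a ds:Signature that is a direct child of the Response
    is taken to sign the whole document, regardless of what it references."""
    root = ET.fromstring(xml_text)
    return any(child.tag == DS_SIGNATURE for child in root)


def document_signed_by_reference(xml_text):
    """The correct test: the Response is signed only if some ds:Reference URI
    names the Response's own ID (signature-value verification is a separate step)."""
    root = ET.fromstring(xml_text)
    doc_id = root.get("ID")
    return doc_id is not None and any(ref == doc_id for _, ref in signature_references(xml_text))


def unsigned_assertion_ids(xml_text):
    """Assertions no signature covers; a relying party must not act on these."""
    if document_signed_by_reference(xml_text):
        return []
    root = ET.fromstring(xml_text)
    covered = {ref for _, ref in signature_references(xml_text)}
    return [a.get("ID") for a in root.iter(SAML_ASSERTION) if a.get("ID") not in covered]


# Constructed response: the signature sits where a document signature would,
# but its Reference names only _assert1, so the injected _assert2 ("admin") is
# unsigned. A position-based check accepts the whole document anyway.
CRAFTED = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" xmlns:ds="{DS}" ID="_resp1">
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_assert1"/></ds:SignedInfo>
    <ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>
  </ds:Signature>
  <saml:Assertion ID="_assert1"><saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>
  <saml:Assertion ID="_assert2"><saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject></saml:Assertion>
</samlp:Response>"""

# Same document, but the Reference names the Response itself.
PROPER = CRAFTED.replace('URI="#_assert1"', 'URI="#_resp1"')

if __name__ == "__main__":
    print("position heuristic:", document_signed_by_position(CRAFTED))  # True (wrong)
    print("reference check:", document_signed_by_reference(CRAFTED))    # False
    print("unsigned assertions:", unsigned_assertion_ids(CRAFTED))      # ['_assert2']
```

The practical rule this encodes: resolve each ds:Reference to the element it names and grant trust only to that element (after the signature verifies over it); never infer scope from where the signature element happens to be placed, because an attacker controls the placement.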
Keycloak Redirect URI: http://localhost Misconfig allows session hijack
CVE-2024-8883
6.1 - Medium
- September 19, 2024
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
Open Redirect
Keycloak SAML adapters: session fixation via stale JSESSIONID cookie
CVE-2024-7341
7.1 - High
- September 09, 2024
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.
Session Fixation
Keycloak Login Timing Bypass Allows Exceeding Brute Force Limits
CVE-2024-4629
6.5 - Medium
- September 03, 2024
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limit for failed attempts before the system locks them out. This race window lets an attacker make more password guesses than intended, potentially compromising accounts on affected systems.
Improper Enforcement of a Single, Unique Action
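The entry above describes a check-then-act race on the failure counter. The following added Python example (not Keycloak's code) reproduces that race with a naive limiter and contrasts it with one that reserves an attempt under a lock before the password is checked, so concurrent requests cannot all slip in under the limit. The thread barrier, the sleep that stands in for password hashing and the limits are constructed for the demonstration.

```python
import threading
import time


class RacyLimiter:
    """Check-then-act with no synchronization: simultaneous attempts all read the
    counter while it is still below the limit, so every one of them is evaluated."""

    def __init__(self, max_failures):
        self.max_failures = max_failures
        self.failures = 0

    def attempt(self, password_ok):
        if self.failures >= self.max_failures:
            return "locked"
        time.sleep(0.001)              # stands in for password hashing; widens the race window
        if password_ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        return "failed"


class AtomicLimiter:
    """Reserve the attempt under a lock before verifying the password, so the
    number of guesses ever evaluated is bounded by max_failures even when they
    arrive at the same instant."""

    def __init__(self, max_failures):
        self.max_failures = max_failures
        self.failures = 0              # counts reserved (in-flight or failed) attempts
        self._lock = threading.Lock()

    def attempt(self, password_ok):
        with self._lock:
            if self.failures >= self.max_failures:
                return "locked"
            self.failures += 1         # claim a slot first; a later success releases them all
        time.sleep(0.001)              # verification happens outside the lock
        if password_ok:
            with self._lock:
                self.failures = 0
            return "ok"
        return "failed"


def evaluated_guesses(limiter, n_attempts):
    """Fire n_attempts wrong guesses at the same moment; return how many were
    actually checked rather than refused as 'locked'."""
    results = []
    results_lock = threading.Lock()
    start = threading.Barrier(n_attempts)

    def worker():
        start.wait()
        outcome = limiter.attempt(False)
        with results_lock:
            results.append(outcome)

    threads = [threading.Thread(target=worker) for _ in range(n_attempts)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(1 for r in results if r != "locked")


if __name__ == "__main__":
    print("racy limiter evaluated:", evaluated_guesses(RacyLimiter(3), 20))     # more than 3 is the bypass
    print("atomic limiter evaluated:", evaluated_guesses(AtomicLimiter(3), 20))  # 3
```

In a clustered deployment the same reservation must happen in the shared store (an atomic increment in the database or cache), not in a per-node lock, or the race simply moves between nodes.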
Keycloak LDAP Endpoint: Admin Can Flip Connection URL to Steal Bind Creds
CVE-2024-5967
2.7 - Low
- June 18, 2024
A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.
Incorrect Default Permissions
Keycloak PAR Cookie Plaintext Disclosure
CVE-2024-4540
7.5 - High
- June 03, 2024
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.
Information Disclosure
Keycloak DCR RegEx flaw enables unauthorized client registration
CVE-2023-6544
5.4 - Medium
- April 25, 2024
A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which hosts are allowed to register a dynamic client. A malicious user with enough knowledge of the environment could use this specific Dynamic Client Registration and TrustedDomain configuration to register a client from a host that was previously unauthorized.
Permissive Regular Expression
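The page does not show the expression Keycloak used, so the following added Python example (not Keycloak's code) uses two constructed patterns to illustrate the class of bug: an unanchored expression with unescaped dots versus an anchored, escaped one, plus a regex-free label-wise comparison. The host names and the trusted domain are assumptions for the demonstration.

```python
import re

# Constructed permissive expression: unanchored, so it matches anywhere in the
# string, and the dots are unescaped, so '.' matches any character.
PERMISSIVE = re.compile(r"trusted.example.com")

# Anchored, escaped, and restricted to DNS label characters: only the host
# itself or a subdomain of it can match.
STRICT = re.compile(r"^(?:[a-z0-9-]+\.)*trusted\.example\.com$")


def host_allowed_permissive(host):
    """search() accepts 'trusted.example.com.attacker.net' and 'trustedXexampleYcom'."""
    return PERMISSIVE.search(host) is not None


def host_allowed_strict(host):
    """fullmatch() on the lower-cased host; case folding keeps 'TRUSTED.EXAMPLE.COM' valid."""
    return STRICT.fullmatch(host.lower()) is not None


def host_in_trusted_domains(host, trusted):
    """Regex-free alternative: the host must equal a trusted domain or end with
    '.' + that domain, so 'evil-trusted.example.com' is rejected."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


if __name__ == "__main__":
    for h in ("trusted.example.com", "trusted.example.com.attacker.net", "trustedXexampleYcom"):
        print(h, host_allowed_permissive(h), host_allowed_strict(h))
```

When auditing a trusted-host filter, test it with a host that merely contains the trusted name as a substring and with one where a dot is replaced by another character; either passing means the expression is permissive.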
Keycloak Log Injection via WebAuthn Auth Form
CVE-2023-6484
5.3 - Medium
- April 25, 2024
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
Improper Output Neutralization for Logs
Keycloak OIDC checkLoginIframe DoS via unvalidated cross-origin messages
CVE-2024-1249
7.4 - High
- April 17, 2024
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which accepts unvalidated cross-origin messages. Because incoming messages are not checked for a trusted origin, an attacker can use simple code to coordinate millions of requests in seconds, significantly impacting the application's availability.
Origin Validation Error
Keycloak Redirect URI Validation Bypass via Wildcard URIs
CVE-2024-1132
8.1 - High
- April 17, 2024
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
Directory traversal
Undertow WriteTimeoutStreamSinkConduit Causing Memory/File Exhaustion
CVE-2024-1635
7.5 - High
- February 19, 2024
A vulnerability was found in Undertow. It affects servers that support the wildfly-http-client protocol. Whenever a malicious user opens a connection to the server's HTTP port and closes it immediately, the server will eventually exhaust both memory and its open-file limit, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if the RemotingConnection is closed by the Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an outer layer around it; the inner connection is unaware of that outermost layer when it is closed during the connection-opening procedure, so the Undertow WriteTimeoutStreamSinkConduit is never notified of the closed connection. Because WriteTimeoutStreamSinkConduit creates a timeout task that is added to the XNIO WorkerThread, the whole dependency tree leaks through that task: the worker thread points to the Undertow conduit, which in turn holds the connections.
Resource Exhaustion
Keycloak redirect_uri Validation Bypass Allows Token Theft
CVE-2023-6291
7.1 - High
- January 26, 2024
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
Open Redirect
Keycloak JARM form_post.jwt Wildcard Exploit Leaks Auth Tokens
CVE-2023-6927
4.6 - Medium
- December 18, 2023
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
Open Redirect
Keycloak Redirect Scheme Bypass Allows XSS via Wildcard Token
CVE-2023-6134
4.6 - Medium
- December 14, 2023
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
XSS
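Five entries on this page (CVE-2024-8883, CVE-2024-1132, CVE-2023-6291, CVE-2023-6927 and CVE-2023-6134) are variations on one theme: a redirect_uri allow-list that can be widened by wildcards, non-http schemes, loopback hosts or path traversal. The following added Python example (not Keycloak's code and not its fix for any of these) shows a validator that rejects the dangerous registrations up front and then matches requested URIs only after decoding and traversal checks. The policy rules, host names and patterns are assumptions chosen for the demonstration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def validate_pattern(pattern, allow_loopback=False):
    """Decide whether a 'Valid Redirect URI' entry is safe to register at all.

    Returns (ok, reason). Policy (an assumption, stricter than any one product):
    the scheme must be http(s) even when '*' is appended, a wildcard may only
    follow a '/' so it cannot widen the host, and loopback hosts are opt-in.
    """
    wildcard = pattern.endswith("*")
    base = pattern[:-1] if wildcard else pattern
    parts = urlsplit(base)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed (a wildcard does not change this)"
    if not parts.netloc or "*" in parts.netloc:
        return False, "host must be explicit"
    if wildcard and not base.endswith("/"):
        return False, "wildcard must follow a '/' (a host-suffix wildcard matches attacker domains)"
    if parts.hostname in LOOPBACK_HOSTS and not allow_loopback:
        return False, "loopback redirect targets are disabled by policy"
    return True, "ok"


def safe_path(path):
    """Decode once and refuse traversal/escape tricks; returns None when unsafe."""
    decoded = unquote(path or "/")
    if "\\" in decoded or "\x00" in decoded:
        return None
    if ".." in decoded.split("/"):
        return None                    # '/cb/../admin' and '/cb/%2e%2e/admin' both land here
    norm = posixpath.normpath(decoded)
    if decoded.endswith("/") and decoded != "/":
        norm += "/"
    return norm


def is_allowed_redirect(redirect_uri, patterns, allow_loopback=False):
    """Exact-match or prefix-match a requested redirect_uri against registered patterns."""
    target = urlsplit(redirect_uri)
    if target.scheme.lower() not in ALLOWED_SCHEMES or target.fragment:
        return False
    path = safe_path(target.path)
    if path is None:
        return False
    for pattern in patterns:
        ok, _ = validate_pattern(pattern, allow_loopback)
        if not ok:
            continue                   # a bad registration never grants anything
        wildcard = pattern.endswith("*")
        p = urlsplit(pattern[:-1] if wildcard else pattern)
        if (target.scheme.lower(), target.netloc.lower()) != (p.scheme.lower(), p.netloc.lower()):
            continue                   # 'app.example.com.evil.org' never matches 'app.example.com'
        if wildcard:
            if path.startswith(p.path):
                return True
        elif path == p.path and target.query == p.query:
            return True
    return False


if __name__ == "__main__":
    allowed = ["https://app.example.com/*"]
    for uri in ("https://app.example.com/callback",
                "https://app.example.com/callback/../admin",
                "https://app.example.com.evil.org/callback"):
        print(uri, is_allowed_redirect(uri, allowed))
```

The safest registration is still an exact URI with no wildcard at all; the wildcard branch above exists because real deployments use it, and the point of the checks is that the wildcard never changes the scheme, never widens the host, and never lets a normalised path leave the registered prefix.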
Keycloak UI DoS via Offline Session Memory Exhaustion
CVE-2023-6563
7.7 - High
- December 14, 2023
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then opens the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions, leading to excessive memory and CPU consumption which could potentially crash the entire system.
Allocation of Resources Without Limits or Throttling
Red Hat AMQ Broker Exposes Passwords in StatefulSet YAML
CVE-2023-4066
5.5 - Medium
- September 27, 2023
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in the secret security-properties-prop-module defined by the ActiveMQArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details YAML of AMQ Broker.
Cleartext Storage in a File or on Disk
Red Hat AMQ Broker Operator Logs ActiveMQArtemisAddress Password in Plain Text
CVE-2023-4065
5.5 - Medium
- September 27, 2023
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.
Improper Output Neutralization for Logs
Quarkus HTTP Security Policy Bypass via Unsanitized Character Permutations
CVE-2023-4853
8.1 - High
- September 20, 2023
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
Improper Neutralization of Input Leaders
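The entry above is about a policy matcher that compares a request path before that path has been reduced to the form the application actually routes on. The following added Python example (not Quarkus code) shows a naive prefix matcher beside one that canonicalises first. The policy table and the permutations it is tested with (double slash, dot-segments, percent-encoding, NUL) are constructed to illustrate the general class; the page does not say which sequences affected Quarkus.

```python
import posixpath
from urllib.parse import unquote

# Constructed policy table: longest matching prefix wins; '/' is the catch-all.
POLICIES = {"/admin/": "admin", "/api/": "user", "/": "anonymous"}


def canonicalize(path):
    """Reduce a request path to the form the router will dispatch on.

    One round of percent-decoding, collapse repeated and leading slashes, and
    resolve '.' and '..'. Returns None for paths no policy should ever permit.
    """
    decoded = unquote(path)
    if "\x00" in decoded or "\\" in decoded:
        return None
    norm = posixpath.normpath("/" + decoded.lstrip("/"))   # '//admin' -> '/admin'
    if decoded.endswith("/") and norm != "/":
        norm += "/"
    return norm


def required_role(path, policies=POLICIES, canonical=True):
    """Return the role a request to `path` needs, or 'deny' for unrepresentable paths.

    canonical=False reproduces the naive matcher that compares the raw path.
    """
    if canonical:
        path = canonicalize(path)
        if path is None:
            return "deny"
    probe = path if path.endswith("/") else path + "/"   # so '/admin' matches '/admin/'
    best = None
    for prefix in policies:
        if probe.startswith(prefix) and (best is None or len(prefix) > len(best)):
            best = prefix
    return policies[best] if best else "deny"


if __name__ == "__main__":
    for p in ("/admin/users", "//admin/users", "/api/../admin/users", "/%61dmin/users"):
        print(f"{p:24} naive={required_role(p, canonical=False):10} canonical={required_role(p)}")
```

The matcher and the router must agree on the path they see; the safest arrangement is to evaluate the policy on the exact string the dispatcher will use, after the same decoding and normalisation, and to deny by default for anything the canonicaliser refuses.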