[Snyk] Fix for 8 vulnerabilities

[vzakharchenko]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • keycloak-plugins/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	626/1000 Why? Recently disclosed, Has a fix available, CVSS 6.8	Missing Critical Step in Authentication SNYK-JAVA-ORGKEYCLOAK-6616016	org.keycloak:keycloak-authz-policy-common: 21.0.0 -> 24.0.3 org.keycloak:keycloak-kerberos-federation: 21.0.0 -> 24.0.3 org.keycloak:keycloak-ldap-federation: 21.0.0 -> 24.0.3 org.keycloak:keycloak-model-infinispan: 21.0.0 -> 24.0.3 org.keycloak:keycloak-model-jpa: 21.0.0 -> 24.0.3 org.keycloak:keycloak-server-spi-private: 21.0.0 -> 24.0.3 org.keycloak:keycloak-services: 21.0.0 -> 24.0.3	Yes	No Known Exploit
	626/1000 Why? Recently disclosed, Has a fix available, CVSS 6.8	Missing Critical Step in Authentication SNYK-JAVA-ORGKEYCLOAK-6616017	org.keycloak:keycloak-ldap-federation: 21.0.0 -> 24.0.3 org.keycloak:keycloak-model-jpa: 21.0.0 -> 24.0.3 org.keycloak:keycloak-services: 21.0.0 -> 24.0.3	Yes	No Known Exploit
	556/1000 Why? Recently disclosed, Has a fix available, CVSS 5.4	Authorization Bypass Through User-Controlled Key SNYK-JAVA-ORGKEYCLOAK-6618054	org.keycloak:keycloak-ldap-federation: 21.0.0 -> 24.0.3 org.keycloak:keycloak-model-jpa: 21.0.0 -> 24.0.3 org.keycloak:keycloak-services: 21.0.0 -> 24.0.3	Yes	No Known Exploit
	641/1000 Why? Recently disclosed, Has a fix available, CVSS 7.1	Open Redirect SNYK-JAVA-ORGKEYCLOAK-6618058	org.keycloak:keycloak-ldap-federation: 21.0.0 -> 24.0.3 org.keycloak:keycloak-model-jpa: 21.0.0 -> 24.0.3 org.keycloak:keycloak-services: 21.0.0 -> 24.0.3	Yes	No Known Exploit
	556/1000 Why? Recently disclosed, Has a fix available, CVSS 5.4	Authentication Bypass SNYK-JAVA-ORGKEYCLOAK-6618060	org.keycloak:keycloak-ldap-federation: 21.0.0 -> 24.0.3 org.keycloak:keycloak-model-jpa: 21.0.0 -> 24.0.3 org.keycloak:keycloak-services: 21.0.0 -> 24.0.3	Yes	No Known Exploit
	656/1000 Why? Recently disclosed, Has a fix available, CVSS 7.4	Cross-site Scripting (XSS) SNYK-JAVA-ORGKEYCLOAK-6618061	org.keycloak:keycloak-ldap-federation: 21.0.0 -> 24.0.3 org.keycloak:keycloak-model-jpa: 21.0.0 -> 24.0.3 org.keycloak:keycloak-services: 21.0.0 -> 24.0.3	Yes	No Known Exploit
	656/1000 Why? Recently disclosed, Has a fix available, CVSS 7.4	Origin Validation Error SNYK-JAVA-ORGKEYCLOAK-6631362	org.keycloak:keycloak-ldap-federation: 21.0.0 -> 24.0.3 org.keycloak:keycloak-model-jpa: 21.0.0 -> 24.0.3 org.keycloak:keycloak-services: 21.0.0 -> 24.0.3	Yes	No Known Exploit
	526/1000 Why? Recently disclosed, Has a fix available, CVSS 4.8	Improper Input Validation SNYK-JAVA-ORGKEYCLOAK-6645310	org.keycloak:keycloak-ldap-federation: 21.0.0 -> 24.0.3 org.keycloak:keycloak-model-jpa: 21.0.0 -> 24.0.3 org.keycloak:keycloak-services: 21.0.0 -> 24.0.3	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Authentication Bypass
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn

[codeclimate]

Code Climate has analyzed commit 5ea1225 and detected 0 issues on this pull request.

View more on Code Climate.