Описание
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.
Original Description
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
Пакеты
Наименование
org.keycloak:keycloak-services
maven
Затронутые версииВерсия исправления
< 26.2.2
26.2.2
5.4 Medium
CVSS3
Дефекты
CWE-287
5.4 Medium
CVSS3
Дефекты
CWE-287