GHSA-mwm4-5qwr-g9pf

Опубликовано: 28 апр. 2022

Источник: github

Github: Прошло ревью

Описание

Keycloak is vulnerable to IDN homograph attack

A flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then tricking an admin to grant extra privileges. The highest threat from this vulnerability is to integrity.

Ссылки

https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf
https://github.com/keycloak/keycloak/commit/ac79fd0c23c6947a04073afc61e30d341498438e

Пакеты

Наименование

org.keycloak:keycloak-services

maven

Затронутые версииВерсия исправления

< 18.0.0

18.0.0

Дефекты

CWE-284

Дефекты

CWE-284