GHSA-vhvq-jh34-3fc8

Published: Jan 13, 2023
Source: github
Github: Reviewed
CVSS3: 6.5

Description

Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-c7xw-p58w-h6fj. This link is maintained to preserve external references.

Original Description

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lock out or impersonate them.

Packages

Name

org.keycloak:keycloak-core

maven

Affected versions: <= 20.0.2
Fixed version: None

6.5 Medium

CVSS3

Weaknesses

CWE-287
CWE-841
