Description
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.
References
- Issue Tracking, Vendor Advisory
- Issue Tracking, Permissions Required, Vendor Advisory
- Issue Tracking, Vendor Advisory
- Issue Tracking, Permissions Required, Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:redhat:keycloak:7.0.1:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
EPSS
Percentile: 40%
0.00183
Low
CVSS3: 2.7 Low
CVSS2: 4 Medium
Weaknesses
CWE-209
Related vulnerabilities
CVSS3: 2.7
redhat
almost 5 years ago
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.
CVSS3: 2.7
debian
almost 5 years ago
A flaw was found in Keycloak 7.0.1. A logged in user can do an account ...
CVSS3: 2.7
github
almost 4 years ago
Generation of Error Message Containing Sensitive Information in Keycloak