Description
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user who is currently logged in to see the personal information of a previously logged-out user in the account manager section.
References
- Issue Tracking, Vendor Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 9.0.2 (exclusive)
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
EPSS
Percentile: 34%
0.00136
Low
4.3 Medium
CVSS3
4 Medium
CVSS2
Weaknesses
CWE-613
Related vulnerabilities
CVSS3: 4.3
redhat
almost 6 years ago
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user who is currently logged in to see the personal information of a previously logged-out user in the account manager section.
CVSS3: 4.3
debian
more than 5 years ago
A flaw was found in Keycloak in versions before 9.0.2. This flaw allow ...