Описание
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 9.0.0 (включая) до 13.0.0 (исключая)
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.0044
Низкий
7.5 High
CVSS3
5.1 Medium
CVSS2
Дефекты
CWE-20
CWE-79
Связанные уязвимости
CVSS3: 8.3
redhat
почти 5 лет назад
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS3: 7.5
debian
почти 5 лет назад
A flaw was found in keycloak. The new account console in keycloak can ...
EPSS
Процентиль: 63%
0.0044
Низкий
7.5 High
CVSS3
5.1 Medium
CVSS2
Дефекты
CWE-20
CWE-79