CVE-2021-4133

Опубликовано: 25 янв. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=2033602
Issue Tracking
Third Party Advisory
https://github.com/keycloak/keycloak/issues/9247
Third Party Advisory
https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Not Applicable
https://bugzilla.redhat.com/show_bug.cgi?id=2033602
Issue Tracking
Third Party Advisory
https://github.com/keycloak/keycloak/issues/9247
Third Party Advisory
https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 15.1.1 (исключая)

EPSS

Процентиль: 57%

0.00352

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

CVE-2021-4133

CVSS3: 8.3

redhat

около 4 лет назад

CVE-2021-4133

CVSS3: 8.8

debian

около 4 лет назад

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...

GHSA-83x4-9cwr-5487

CVSS3: 8.8

github

около 4 лет назад

Improper Authorization in Keycloak

EPSS

Процентиль: 57%

0.00352

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-863