Description
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lock them out or impersonate them.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
Simultaneously
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
EPSS
Percentile: 42%
0.00203
Low
6.5 Medium
CVSS3
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 6.3
redhat
about 3 years ago
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lock them out or impersonate them.
CVSS3: 6.5
debian
about 3 years ago
A flaw was found in Keycloak. This flaw allows impersonation and locko ...
CVSS3: 6.5
github
more than 2 years ago
Keycloak: Impersonation and lockout possible through incorrect handling of email trust