Description
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
References
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
Vulnerable configurations
Configuration 1: versions from 26.0 (inclusive) to 26.0.11 (exclusive)
cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:text-only:*:*:*
EPSS
Percentile: 4%
0.00022
Low
5.4 Medium
CVSS3
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 5.4
redhat
4 months ago
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
CVSS3: 5.4
debian
4 months ago
A flaw was found in Keycloak. The org.keycloak.authorization package m ...
CVSS3: 5.4
github
4 months ago
Keycloak vulnerable to two factor authentication bypass