Description
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
References
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
Vulnerable configurations
Configuration 1: versions from 26.0 (inclusive) to 26.0.11 (exclusive)
cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:text-only:*:*:*
EPSS
Percentile: 5%
0.0002
Low
5.4 Medium
CVSS3
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 5.4
redhat
8 months ago
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
CVSS3: 5.4
debian
8 months ago
A flaw was found in Keycloak. The org.keycloak.authorization package m ...
CVSS3: 5.4
github
8 months ago
Keycloak vulnerable to two factor authentication bypass