Описание
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.
EPSS
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.
A flaw was found in Keycloak. The SingleUseObjectProvider, a global ke ...
Keycloak: Replay of action tokens via improper handling of single-use entries
EPSS
5.3 Medium
CVSS3