Description
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
It was discovered that JBoss KeyCloak's soft token removal endpoint was vulnerable to Cross-Site Request Forgery (CSRF) attacks. A remote attacker could provide a specially crafted web page that, when visited by a user authenticated by KeyCloak, could allow the attacker to remove a soft token registered to the user.
Affected packages
Platform | Package | Status | Recommendation | Release |
---|---|---|---|---|
Red Hat JBoss Enterprise Web Server 1 | mobile | Fix deferred | | |
Additional information
Status:
Low
Defect:
CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1144817
KeyCloak: Soft Token deletion via CSRF
EPSS
Percentile: 40%
0.00183
Low
4.3 Medium
CVSS2
Related vulnerabilities
CVSS3: 4.3
nvd
more than 5 years ago
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
CVSS3: 4.3
github
about 3 years ago
JBoss KeyCloak is vulnerable to soft token deletion via CSRF