Description
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
Affected packages
| Platform | Package | Status | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Fuse 7 | keycloak | Will not fix | | |
| Red Hat Mobile Application Platform 4 | keycloak | Affected | | |
| Red Hat OpenShift Application Runtimes | keycloak | Out of support scope | | |
| Red Hat Single Sign-On 7 | rh-sso7-keycloak | Affected | | |
| Red Hat support for Spring Boot | keycloak | Affected | | |
| Red Hat Runtimes Spring Boot 2.1.12 | keycloak | Fixed | RHSA-2020:2366 | 04.06.2020 |
| Red Hat Single Sign-On 7.3.3 zip | | Fixed | RHSA-2019:2483 | 13.08.2019 |
| Text-Only RHOAR | | Fixed | RHSA-2020:2067 | 18.05.2020 |
Additional information
Status:
EPSS:
CVSS3: 4.6 Medium
Related vulnerabilities
- Improper Input Validation and Cross-Site Request Forgery in Keycloak
  It was found that Keycloak's account console, up to 6.0.1, did not per ...
  EPSS:
  CVSS3: 4.6 Medium