Description
A flaw was found in Keycloak 7.0.1. A logged-in user can do an account email enumeration attack.
A flaw was found in Keycloak. An attacker could use the change email function in the account settings to determine if an email address was already used for another account (an account enumeration attack). The highest threat from this flaw is to data confidentiality.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | keycloak | Affected | | |
| Red Hat OpenShift Application Runtimes | keycloak | Affected | | |
| Red Hat Single Sign-On 7 | rh-sso7-keycloak | Affected | | |
| Red Hat support for Spring Boot | keycloak | Fix deferred | | |
Additional information
Status:
Low
Defect:
CWE-209
https://bugzilla.redhat.com/show_bug.cgi?id=1796281 Keycloak: A logged in user can do an account email enumeration attack
2.7 Low
CVSS3
Related vulnerabilities
CVSS3: 2.7
nvd
almost 5 years ago
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.
CVSS3: 2.7
debian
almost 5 years ago
A flaw was found in Keycloak 7.0.1. A logged in user can do an account ...
CVSS3: 2.7
github
almost 4 years ago
Generation of Error Message Containing Sensitive Information in Keycloak