Description
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
Mitigation
Disable the reset credential flow.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | keycloak | Not affected | | |
| Red Hat OpenShift Application Runtimes | keycloak | Affected | | |
| Red Hat support for Spring Boot | keycloak | Affected | | |
| Red Hat Decision Manager 7 | keycloak | Fixed | RHSA-2020:3196 | 29.07.2020 |
| Red Hat Process Automation 7 | keycloak | Fixed | RHSA-2020:3197 | 29.07.2020 |
| Red Hat Runtimes Spring Boot 2.2.6 | keycloak | Fixed | RHSA-2020:2252 | 01.06.2020 |
| Red Hat Single Sign On 7.3.8 | | Fixed | RHSA-2020:2112 | 12.05.2020 |
| Red Hat Single Sign-On 7.3 for RHEL 6 | rh-sso7-keycloak | Fixed | RHSA-2020:2106 | 12.05.2020 |
| Red Hat Single Sign-On 7.3 for RHEL 7 | rh-sso7-keycloak | Fixed | RHSA-2020:2107 | 12.05.2020 |
| Red Hat Single Sign-On 7.3 for RHEL 8 | rh-sso7-keycloak | Fixed | RHSA-2020:2108 | 12.05.2020 |
Additional information
Severity: Important
Weakness: CWE-287
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1796756 (keycloak: security issue on reset credential flow)
EPSS: 0.00367 (percentile: 58%, Low)
CVSS3: 8.8 High
Related vulnerabilities
nvd (CVSS3: 7.1, more than 5 years ago): A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
debian (CVSS3: 7.1, more than 5 years ago): A flaw was found in the reset credential flow in all Keycloak versions ...