Описание
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.
Дополнительная информация
Статус:
Low
Дефект:
CWE-250
https://bugzilla.redhat.com/show_bug.cgi?id=1905089keycloak: Account REST API can update user metadata attributes
EPSS
Процентиль: 38%
0.00166
Низкий
4.2 Medium
CVSS3
Связанные уязвимости
CVSS3: 4.2
nvd
больше 4 лет назад
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.
CVSS3: 4.2
debian
больше 4 лет назад
A flaw was found in Keycloak before version 12.0.0 where it is possibl ...
EPSS
Процентиль: 38%
0.00166
Низкий
4.2 Medium
CVSS3