CVE-2021-3424

Опубликовано: 08 мар. 2021

Источник: redhat

CVSS3: 5.3

Описание

A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.

A flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then tricking an admin to grant extra privileges. The highest threat from this vulnerability is to integrity.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Decision Manager 7	keycloak	Not affected
Red Hat Fuse 7	keycloak	Not affected
Red Hat Integration Camel K 1	keycloak	Not affected
Red Hat OpenShift Application Runtimes	keycloak	Not affected
Red Hat Process Automation 7	keycloak	Not affected
Red Hat support for Spring Boot	keycloak	Not affected
Red Hat Single Sign-On 7.4.7		Fixed	RHSA-2021:2070	20.05.2021
Red Hat Single Sign-On 7.4 for RHEL 6	rh-sso7-keycloak	Fixed	RHSA-2021:2063	20.05.2021
Red Hat Single Sign-On 7.4 for RHEL 7	rh-sso7-keycloak	Fixed	RHSA-2021:2064	20.05.2021
Red Hat Single Sign-On 7.4 for RHEL 8	rh-sso7-keycloak	Fixed	RHSA-2021:2065	20.05.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-287

https://bugzilla.redhat.com/show_bug.cgi?id=1933320keycloak: Internationalized domain name (IDN) homograph attack to impersonate users

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2021-3424

CVSS3: 5.3

nvd

больше 4 лет назад

CVE-2021-3424

CVSS3: 5.3

debian

больше 4 лет назад

A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 ...

GHSA-pf38-cw3p-22q9

CVSS3: 5.3

github

почти 4 года назад

Keycloak is vulnerable to IDN homograph attack

5.3 Medium

CVSS3