Описание
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | keycloak | Not affected | ||
| Red Hat Fuse 7 | keycloak | Not affected | ||
| Red Hat Integration Camel K 1 | keycloak | Not affected | ||
| Red Hat OpenShift Application Runtimes | keycloak | Not affected | ||
| Red Hat Process Automation 7 | keycloak | Not affected | ||
| Red Hat support for Spring Boot | keycloak | Not affected | ||
| Red Hat Single Sign-On 7.4.9 | Fixed | RHSA-2021:3534 | 14.09.2021 | |
| Red Hat Single Sign-On 7.4 for RHEL 6 | rh-sso7-keycloak | Fixed | RHSA-2021:3527 | 14.09.2021 |
| Red Hat Single Sign-On 7.4 for RHEL 7 | rh-sso7-keycloak | Fixed | RHSA-2021:3528 | 14.09.2021 |
| Red Hat Single Sign-On 7.4 for RHEL 8 | rh-sso7-keycloak | Fixed | RHSA-2021:3529 | 14.09.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
A flaw was found in Keycloak. This vulnerability allows anyone to regi ...
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow
Уязвимость программного средства для управления идентификацией и доступом Keycloak, связанная с недостатками механизма аутентификации WebAuthn, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
7.5 High
CVSS3