Description
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
Additional information
Status:
Moderate
Weakness:
CWE-841
https://bugzilla.redhat.com/show_bug.cgi?id=2158910 keycloak: impersonation and lockout possible through incorrect handling of email trust
EPSS
Percentile: 42%
0.00203
Low
6.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 6.5
nvd
about 3 years ago
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
CVSS3: 6.5
debian
about 3 years ago
A flaw was found in Keycloak. This flaw allows impersonation and locko ...
CVSS3: 6.5
github
more than 2 years ago
Keycloak: Impersonation and lockout possible through incorrect handling of email trust