CVE-2023-0105

Description

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

Related CPE's

aredhatkeycloak-*******

aredhatsingle_sign-on7.0*******

References

https://access.redhat.com/security/cve/CVE-2023-0105

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io