Description

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

Related CPE's

a

redhat

keycloak

-

Vulnerable

a

redhat

single_sign-on

7.0

References

https://access.redhat.com/security/cve/CVE-2023-0105

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-01-13T06:15:11.983

2 years ago

Last modified

2023-01-23T18:31:10.593

2 years ago