Description
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199
Related Vulnerabilities
CVE-2023-28671 Vulnerability in maven package org.jenkinsci.plugins:octoperf
CVE-2022-1278 Vulnerability in maven package org.wildfly:wildfly-microprofile
CVE-2023-30531 Vulnerability in maven package org.jenkins-ci.plugins:consul-kv-builder
CVE-2022-0853 Vulnerability in maven package jboss:jboss-client
CVE-2015-1832 Vulnerability in maven package org.apache.derby:derby