Description

It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199

Related Vulnerabilities

CVE-2022-25205 Vulnerability in maven package org.jenkins-ci.plugins:dbcharts

CVE-2021-29943 Vulnerability in maven package org.apache.solr:solr-core

CVE-2022-46682 Vulnerability in maven package org.jenkins-ci.plugins:plot

CVE-2022-47500 Vulnerability in maven package org.apache.helix:helix-front

CVE-2023-4302 Vulnerability in maven package org.jenkins-ci.plugins:fortify

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Issue Tracking Vendor Advisory