Description
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199
Related Vulnerabilities
CVE-2023-28155 Vulnerability in maven package org.webjars:request
CVE-2019-16568 Vulnerability in maven package hudson.plugins.sctmexecutor:sctmexecutor
CVE-2017-2651 Vulnerability in maven package org.jenkins-ci.plugins:mailer
CVE-2017-2670 Vulnerability in maven package io.undertow:undertow-core
CVE-2023-45818 Vulnerability in maven package org.webjars.npm:tinymce