Description
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1796281
https://issues.jboss.org/browse/KEYCLOAK-12014
Related Vulnerabilities
CVE-2022-0853 Vulnerability in maven package jboss:jboss-client
CVE-2023-41080 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2022-4375 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2021-36151 Vulnerability in maven package org.apache.gobblin:gobblin-core
CVE-2020-10748 Vulnerability in maven package org.keycloak:keycloak-server-spi-private