Description

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1924606

Related Vulnerabilities

CVE-2021-24122 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2019-1003065 Vulnerability in maven package org.jenkins-ci.plugins:cloudshare-docker

CVE-2023-24436 Vulnerability in maven package org.jenkins-ci.plugins:ghprb

CVE-2018-1002204 Vulnerability in maven package org.webjars:adm-zip

CVE-2019-16540 Vulnerability in maven package org.jenkins-ci.plugins:support-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Issue Tracking Vendor Advisory