CVE-2021-4133 Vulnerability in maven package org.keycloak:keycloak-services

Description

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=2033602

https://github.com/keycloak/keycloak/issues/9247

https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2021-23639 Vulnerability in npm package md-to-pdf

CVE-2023-25569 Vulnerability in maven package com.ctrip.framework.apollo:apollo

CVE-2021-39185 Vulnerability in maven package org.http4s:http4s-server

CVE-2020-2194 Vulnerability in maven package io.jenkins.plugins:echarts-api

CVE-2018-14042 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap

Severity

Critical

Classification

CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H