Description

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

Remediation

References

https://access.redhat.com/security/cve/CVE-2023-0105

Related Vulnerabilities

CVE-2018-0114 Vulnerability in npm package node-jose

CVE-2023-25764 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2020-1929 Vulnerability in maven package org.apache.beam:beam-sdks-java-io-mongodb

CVE-2023-25499 Vulnerability in maven package com.vaadin:vaadin

CVE-2020-2120 Vulnerability in maven package org.jenkins-ci.plugins:fitnesse

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Tags

Vendor Advisory