Description

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

Remediation

References

https://access.redhat.com/security/cve/CVE-2023-0105

Related Vulnerabilities

CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee10:jetty-ee10-servlets

CVE-2022-41243 Vulnerability in maven package com.smalltest:smalltest

CVE-2011-1582 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2020-2289 Vulnerability in maven package org.biouno:uno-choice

CVE-2019-3875 Vulnerability in maven package org.keycloak:keycloak-services

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Tags

Vendor Advisory