Description

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

Remediation

References

https://access.redhat.com/security/cve/CVE-2023-0105

Related Vulnerabilities

CVE-2017-1000242 Vulnerability in maven package org.jenkins-ci.plugins:git-client

CVE-2017-5662 Vulnerability in maven package org.apache.xmlgraphics:batik-dom

CVE-2017-7661 Vulnerability in maven package org.apache.cxf.fediz:fediz-jetty8

CVE-2017-1000006 Vulnerability in npm package plotly.js

CVE-2023-24426 Vulnerability in maven package org.jenkins-ci.plugins:azure-ad

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Tags

Vendor Advisory