Description
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0105
Related Vulnerabilities
CVE-2011-4838 Vulnerability in maven package org.jruby:jruby-stdlib
CVE-2019-1003081 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer
CVE-2014-0099 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2019-10327 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-maven-parent
CVE-2020-1957 Vulnerability in maven package org.apache.shiro:shiro-web