GHSA-vhvq-jh34-3fc8 – org.keycloak:keycloak-core

Package

Manager: maven
Name: org.keycloak:keycloak-core
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c7xw-p58w-h6fj. This link is maintained to preserve external references. ## Original Description A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

Metadata

Created: 2023-01-13T06:30:22Z
Modified: 2023-07-18T18:16:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-vhvq-jh34-3fc8/GHSA-vhvq-jh34-3fc8.json
CWE IDs: ["CWE-287", "CWE-841"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0