CVE-2021-20222 – org.keycloak:keycloak-parent
Package
Manager: maven
Name: org.keycloak:keycloak-parent
Vulnerable Version: >=9.0.0 <12.0.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00511 (percentile 0.65453)
Details
Code injection in keycloak
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Metadata
Created: 2021-05-13T22:29:51Z
Modified: 2021-03-24T23:54:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-2mq8-99q7-55wx/GHSA-2mq8-99q7-55wx.json
CWE IDs: ["CWE-20", "CWE-79"]
Alternative ID: GHSA-2mq8-99q7-55wx
Finding: F008
Auto approve: 1