Back to bug 1386729

Who When What Removed Added
Chess Hazlett 2016-10-19 14:15:54 UTC CC security-response-team
Chess Hazlett 2016-10-19 14:15:57 UTC Blocks 1386413
Chess Hazlett 2016-10-19 15:56:16 UTC Doc Text It was found that the keycloak admin interface did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's admin session. This could lead to information disclosure, or permit further possible attacks.
Chess Hazlett 2016-10-19 15:59:32 UTC Doc Text It was found that the keycloak admin interface did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's admin session. This could lead to information disclosure, or permit further possible attacks. It was found that the keycloak did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.
Chess Hazlett 2016-10-19 16:02:03 UTC Fixed In Version keycloak 2.3.0
Chess Hazlett 2016-10-20 13:24:24 UTC Alias CVE-2016-8609
Chess Hazlett 2016-10-20 13:24:26 UTC Summary EMBARGOED keycloak: account hijacking via auth code fixation EMBARGOED CVE-2016-8609 keycloak: account hijacking via auth code fixation
Chess Hazlett 2016-12-12 20:42:04 UTC Whiteboard impact=moderate,public=no,reported=20161017,source=upstream,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,rhsso-7/keycloak=affected impact=moderate,public=no,reported=20161017,source=upstream,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N,rhsso-7/keycloak=affected
Chess Hazlett 2016-12-12 20:56:29 UTC CC cobrien
Chess Hazlett 2016-12-13 18:38:09 UTC Whiteboard impact=moderate,public=no,reported=20161017,source=upstream,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N,rhsso-7/keycloak=affected impact=moderate,public=no,reported=20161017,source=upstream,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-384,rhsso-7/keycloak=affected
Chess Hazlett 2016-12-13 19:22:26 UTC Whiteboard impact=moderate,public=no,reported=20161017,source=upstream,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-384,rhsso-7/keycloak=affected impact=moderate,public=20161213,reported=20161017,source=upstream,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-384,rhsso-7/keycloak=affected
Chess Hazlett 2016-12-13 19:22:28 UTC Summary EMBARGOED CVE-2016-8609 keycloak: account hijacking via auth code fixation CVE-2016-8609 keycloak: account hijacking via auth code fixation
Chess Hazlett 2016-12-13 19:22:30 UTC Group security, qe_staff
Jason Shepherd 2017-06-01 07:33:16 UTC CC jshepherd
Jason Shepherd 2017-06-01 07:34:16 UTC Whiteboard impact=moderate,public=20161213,reported=20161017,source=upstream,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-384,rhsso-7/keycloak=affected impact=moderate,public=20161213,reported=20161017,source=upstream,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-384,rhsso-7/keycloak=notaffected
Product Security DevOps Team 2019-06-08 03:00:43 UTC Status NEW CLOSED
Resolution --- NOTABUG
Last Closed 2019-06-08 03:00:43 UTC
Product Security DevOps Team 2019-09-29 13:58:49 UTC Whiteboard impact=moderate,public=20161213,reported=20161017,source=upstream,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-384,rhsso-7/keycloak=notaffected
