Bug 2158910 (CVE-2023-0105)
Field | Value
---|---
Summary | CVE-2023-0105 keycloak: impersonation and lockout possible through incorrect handling of email trust
Product | [Other] Security Response
Component | vulnerability
Status | NEW
Severity | medium
Priority | medium
Version | unspecified
Reporter | mulliken
Assignee | Nobody <nobody>
CC | boliveir, bugzilla, chazlett, pdelbell, pdrozd, pjindal, pskopek, sthorger
Keywords | Security
Hardware | All
OS | Linux
Fixed In Version | keycloak 22.0.1
Doc Type | If docs needed, set a value
Doc Text | A flaw was found in Keycloak. Email trust is not handled correctly, which allows impersonation and lockout: an attacker who controls an identity with the same email address as another user can shadow that user and lock them out or impersonate them.
Bug Blocks | 2152160
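The Doc Text names the flaw class (an email claim treated as trustworthy when it is not) but not the code path. The following is an added example written for this page, not Keycloak's code: a toy identity broker in which all names, the `social` and `corp-idp` providers and the sample accounts are constructed. `login_vulnerable` links an incoming federated identity to an existing local account on the email claim alone, so anyone holding an account with the victim's address at any provider is logged in as the victim and the link persists; `login_fixed` attaches on email only when the provider is configured as trusted for email and itself asserts the address as verified, and refuses the login otherwise. Only the impersonation side is modelled; the lockout the Doc Text mentions is not.

```python
"""Toy identity broker illustrating the email-trust flaw class described above.

Constructed example for this page, not Keycloak's code: the classes, provider
names and sample accounts are made up.
"""
from dataclasses import dataclass, field


@dataclass
class LocalUser:
    username: str
    email: str
    # (provider, subject) pairs allowed to log in as this user
    linked_identities: set = field(default_factory=set)


@dataclass(frozen=True)
class BrokeredIdentity:
    """Claims the broker received from an upstream identity provider."""
    provider: str
    subject: str          # stable identifier at the provider
    email: str
    email_verified: bool  # the provider's own assertion about the address


class EmailNotTrusted(PermissionError):
    """Raised when an email claim must not be used to attach to an existing account."""


class Broker:
    def __init__(self, users, trusted_email_providers=()):
        self.users = {u.username: u for u in users}
        # hypothetical setting: providers whose verified-email assertion we accept
        self.trusted_email_providers = frozenset(trusted_email_providers)

    def _by_email(self, email):
        email = email.lower()
        return next((u for u in self.users.values() if u.email.lower() == email), None)

    def _by_link(self, identity):
        key = (identity.provider, identity.subject)
        return next((u for u in self.users.values() if key in u.linked_identities), None)

    def _create(self, identity):
        user = LocalUser(f"{identity.provider}:{identity.subject}", identity.email)
        user.linked_identities.add((identity.provider, identity.subject))
        self.users[user.username] = user
        return user

    def login_vulnerable(self, identity):
        """Flawed: a matching email claim is enough to link to an existing account,
        so whoever holds an account with the victim's address at any provider is
        logged in as the victim, and the link persists for later logins."""
        user = self._by_link(identity) or self._by_email(identity.email)
        if user is None:
            return self._create(identity)
        user.linked_identities.add((identity.provider, identity.subject))
        return user

    def login_fixed(self, identity):
        """Hardened: an email claim may attach to an existing account only if the
        provider is trusted for email and asserts the address as verified;
        otherwise the login is refused until the address is verified out of band."""
        user = self._by_link(identity)
        if user is not None:
            return user
        existing = self._by_email(identity.email)
        if existing is None:
            return self._create(identity)
        if identity.provider in self.trusted_email_providers and identity.email_verified:
            existing.linked_identities.add((identity.provider, identity.subject))
            return existing
        raise EmailNotTrusted(f"{identity.provider} email claim for {identity.email} not trusted")


def fresh_victim():
    return LocalUser("alice", "alice@example.test")


def demo():
    """Constructed scenario: the attacker registers at 'social' with the victim's email."""
    attacker = BrokeredIdentity("social", "att-42", "alice@example.test", email_verified=False)

    flawed = Broker([fresh_victim()])
    flawed_result = flawed.login_vulnerable(attacker).username   # "alice": impersonation

    hardened = Broker([fresh_victim()], trusted_email_providers={"corp-idp"})
    try:
        hardened.login_fixed(attacker)
        fixed_result = "linked"
    except EmailNotTrusted:
        fixed_result = "refused"

    # A trusted provider vouching for a verified address may still link to alice.
    corp = BrokeredIdentity("corp-idp", "emp-7", "alice@example.test", email_verified=True)
    trusted_result = hardened.login_fixed(corp).username         # "alice"
    return {"flawed": flawed_result, "fixed": fixed_result, "trusted": trusted_result}


if __name__ == "__main__":
    print(demo())
```

The hardened variant keys the decision on two facts the broker actually holds (its own trust configuration for the provider, and the provider's `email_verified` assertion) rather than on the mere equality of two email strings; if either is missing, the safe default is to refuse the link rather than to create a second account under the same address.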
Description
mulliken, 2023-01-06 21:30:35 UTC

This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2023:7484 https://access.redhat.com/errata/RHSA-2023:7484
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2023:7482 https://access.redhat.com/errata/RHSA-2023:7482
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2023:7483 https://access.redhat.com/errata/RHSA-2023:7483
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2023:7486 https://access.redhat.com/errata/RHSA-2023:7486
This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2023:7488 https://access.redhat.com/errata/RHSA-2023:7488