A vulnerability was found in Keycloak. A CSRF attack can be performed in the My Resources functionality in the Account Console. The attacker can trick the user into performing operations by using social engineering or any other means that can result in a request to Keycloak from an untrusted domain.

References:
https://issues.jboss.org/browse/KEYCLOAK-10775
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.3.3 zip

Via RHSA-2019:2483 https://access.redhat.com/errata/RHSA-2019:2483
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10199
This issue has been addressed in the following products:

  Red Hat OpenShift Application Runtimes

Via RHSA-2020:2067 https://access.redhat.com/errata/RHSA-2020:2067
This issue has been addressed in the following products:

  Red Hat Runtimes Spring Boot 2.1.12

Via RHSA-2020:2366 https://access.redhat.com/errata/RHSA-2020:2366