CVE-2023-0105

Keycloak allows impersonation and lockout due to email trust not being handled correctly in maven/org.keycloak/keycloak-core

Identifiers

CVE-2023-0105, GHSA-vhvq-jh34-3fc8

Package Slug

maven/org.keycloak/keycloak-core

Vulnerability

Keycloak allows impersonation and lockout due to email trust not being handled correctly

Description

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

Affected Versions

All versions before 22.0.1

Solution

Upgrade to version 22.0.1 or above.

Last Modified

2023-01-15

source