PT-2019-7101 · Red Hat · Keycloak

Published: 2019-11-13 · Updated: 2022-05-17 · CVE-2014-3655

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 1.0.2.Final

Description: The issue allows for soft token deletion via CSRF. This can potentially lead to unauthorized access or data modification. The estimated number of affected devices and real-world incidents are not specified.

Recommendations: For versions prior to 1.0.2.Final, update to version 1.0.2.Final to resolve the issue. As a temporary workaround, consider implementing CSRF protection measures to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related identifiers

CVE-2014-3655
GHSA-237Q-6HJP-PCHQ

Affected products

Keycloak