Red Hat · Keycloak · CVE-2023-0105
**Name of the Vulnerable Software and Affected Versions**
Keycloak (affected versions not specified)
**Description**
A flaw in Keycloak allows impersonation and lockout due to incorrect handling of email trust. This issue enables an attacker to shadow other users with the same email, potentially leading to lockout or impersonation. The problem arises because the verified state of an email is not reset when the email changes, allowing users to shadow others with the same email.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.