PT-2019-11616 · Red Hat · Keycloak

Published: 2019-08-14 · Updated: 2021-10-28 · CVE-2019-10199

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Keycloak versions up to 6.0.1
Description: The issue stems from inadequate header checks on some requests to Keycloak's account console. This could allow an attacker to trick an authenticated user into performing operations through a request originating from an untrusted domain.
Recommendations: For versions up to 6.0.1, update to a version that includes the necessary security fixes to perform adequate header checks in the account console.

Tags: Fix · CSRF · RCE


Weakness Enumeration

Related Identifiers

CVE-2019-10199
GHSA-P5XP-6VPF-JWVH

Affected Products

Keycloak