PT-2019-7101 · Red Hat · Keycloak

Published: 2019-11-13 · Updated: 2022-05-17 · CVE-2014-3655

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Keycloak versions prior to 1.0.2.Final

Description
The issue allows soft token deletion via cross-site request forgery (CSRF). This can potentially lead to unauthorized access or data modification. The estimated number of affected devices and real-world incidents are not specified.

Recommendations
For versions prior to 1.0.2.Final, update to version 1.0.2.Final to resolve the issue. As a temporary workaround, consider implementing CSRF protection measures to minimize the risk of exploitation.

Exploit · Fix · CSRF


Weakness Enumeration

Related Identifiers

CVE-2014-3655
GHSA-237Q-6HJP-PCHQ

Affected Products

Keycloak