CVE-2023-0105

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw in Keycloak allows impersonation and lockout due to incorrect handling of email trust. This issue enables an attacker to shadow other users with the same email, potentially leading to lockout or impersonation. The problem arises because the verified state of an email is not reset when the email changes, allowing users to shadow others with the same email.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-841CWE-287

Related Identifiers

CVE-2023-0105

GHSA-C7XW-P58W-H6FJ

GHSA-VHVQ-JH34-3FC8

RHSA-2023:7482

RHSA-2023:7483

RHSA-2023:7484

Affected Products

Keycloak

CVE-2023-0105

Weakness Enumeration

Related Identifiers

Affected Products

References · 11