CVE-2023-0105

Published: Jan 13, 2023Modified: Apr 9, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

Affected (1)

Products: Redhat: Keycloak

Redhat

1 product

Keycloak

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Keycloak	All versions

Running on/with	Platform Versions
Redhat Single Sign On	Version 7.0

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://access.redhat.com/security/cve/CVE-2023-0105

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-0105

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.