AI Score: 6.8 Medium (Confidence: Low)
EPSS: 0.001 Low (Percentile: 31.5%)
A community-only flaw was found where a malicious user can register himself and then use the “remove devices” form to post different credential IDs in the hope of removing MFA devices for other users.
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10686
github.com/keycloak/keycloak
github.com/keycloak/keycloak/commit/5ddd605ee96b8551c7eb00b609a0b97939925b77
nvd.nist.gov/vuln/detail/CVE-2020-10686