OSV:GHSA-M9CJ-V55F-8X26 (osv, Google)
Mar 18, 2022 - 5:55 p.m.

Authentication Bypass in keycloak

2022-03-18 17:55:26
Google
osv.dev

EPSS: 0.001 (Low), percentile 22.7%

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user’s metadata attributes using the Account REST API. This flaw allows an attacker to change their own NameID attribute to impersonate the admin user for any particular application.
