3 matches found
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Withdrawn: Duplicate of CVE-2017-12161 / GHSA-959q-32g8-vvp7...
CVE-2017-12161
Concrete details show a vulnerability in Keycloak prior to 3.4.2 final where a client-side /etc/hosts entry can be abused to spoof a URL in a password reset request, enabling an attacker to obtain a valid reset token and potentially disclose information or enable further attacks. Affected softwar...
CVE-2017-1000500
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12161. Reason: This candidate is a reservation duplicate of CVE-2017-12161. Notes: All CVE users should reference CVE-2017-12161 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...