CVE-2020-10686
CVE-2020-10686 affects Keycloak versions 8.0.2 and 9.0.0, with a fix in 9.0.1. A malicious user can register as themselves and then use the remove devices form to post different credential IDs, potentially removing MFA devices for other users. Affected software: Keycloak server (8.0.2–9.0.0). Roo...