CVE-2021-20262
CVE-2021-20262 affects Keycloak 12.0.0 where re-authentication is not required when updating a password, potentially allowing account takeover if an attacker can obtain temporary, physical access to a user’s browser. The issue has implications for confidentiality, integrity, and availability as d...