4 matches found
be.jidoka:jdk-keycloak-admin (>=2.0.0 <=2.2.0), cn.sparrowmini:sparrow-keycloak-adapter (>=0.0.1 <=0.0.2) +474 more potentially affected by CVE-2023-0105 via org.keycloak:keycloak-core (>=1.0-alpha-1 <=22.0.0)
org.keycloak:keycloak-core MAVEN version =1.0-alpha-1, =2.0.0, =0.0.1, =1.5.1, =1.5.1, =1.6.2, =1.6.2, =1.5.2, =1.5.2, =1.7.2, =1.7.2, =1.0.22, =1.0.22, =1.4.3, =1.4.3, =1.2.9, =1.5.0 and more Source cves: CVE-2023-0105 Source advisory: OSV:GHSA-C7XW-P58W-H6FJ...
CVE-2023-0105
CVE-2023-0105 affects Keycloak: the vulnerability stems from incorrect handling of email trust, enabling an attacker to shadow other users with the same email and cause impersonation or lockout. The issue is documented in multiple sources (GHSA and OSV) with explicit description of impersonation/...
CVE-2023-0105
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...
CVE-2023-0105
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...