CVE-2023-4918
The CVE-2023-4918 entry concerns Keycloak (org.keycloak.userprofile) where password and password-confirm fields submitted during self-registration become regular user attributes. The described flaw allows any user with proper rights to read user attributes and retrieve passwords in clear text, po...