keycloak: impersonation and lockout possible through incorrect handling of email trust

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...

Insecure Permissions

org.keycloak:keycloak-parent is vulnerable to Insecure Permissions. An attacker is able to shadow other users with the same email and impersonate or lockout the victim due to the email trust not being handled correctly...

GHSA-VHVQ-JH34-3FC8 Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c7xw-p58w-h6fj. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled...

PT-2023-16014 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw in Keycloak allows impersonation and lockout due to incorrect handling of email trust. This issue enables an attacker to shadow other users with the same email, potentially leading ...