keycloak-services is vulnerable to unauthorized postings and removals. A different credential ID can be posted through the remove devices form, which may subsequently allow unauthorized removal of other users' MFA devices.
CPE | Name | Operator | Version |
---|---|---|---|
 | keycloak rest services | le | 8.0.2 |
 | keycloak rest services | le | 9.0.1 |
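
The class of flaw described above, shown as an added example that is not Keycloak's code: a removal handler that trusts the credential ID posted by the form, next to one that checks the credential belongs to the authenticated user. All class, method and ID names are hypothetical, the sample data is constructed, and the missing ownership check is an assumption about the cause (requires Java 16+ for records).

```java
import java.util.HashMap;
import java.util.Map;

// Illustrative model only: names are hypothetical, not Keycloak APIs.
public class CredentialRemovalDemo {
    record Credential(String id, String ownerUserId, String type) {}

    // In-memory stand-in for the credential store, keyed by credential ID.
    static final Map<String, Credential> STORE = new HashMap<>();

    // Weak pattern: the posted ID is looked up globally and the session
    // user is never compared with the credential's owner.
    static boolean removeUnchecked(String sessionUserId, String postedCredentialId) {
        return STORE.remove(postedCredentialId) != null;
    }

    // Hardened pattern: the credential must belong to the authenticated user.
    static boolean removeOwned(String sessionUserId, String postedCredentialId) {
        Credential c = STORE.get(postedCredentialId);
        // Same result for "unknown ID" and "someone else's ID", so the
        // endpoint does not reveal which credential IDs exist.
        if (c == null || !c.ownerUserId().equals(sessionUserId)) {
            return false;
        }
        STORE.remove(postedCredentialId);
        return true;
    }

    // Constructed sample data: one MFA device per user.
    static void seed() {
        STORE.clear();
        STORE.put("cred-alice-otp", new Credential("cred-alice-otp", "alice", "otp"));
        STORE.put("cred-bob-otp", new Credential("cred-bob-otp", "bob", "otp"));
    }

    public static void main(String[] args) {
        seed();
        System.out.println("unchecked: alice posts bob's ID, removed = "
                + removeUnchecked("alice", "cred-bob-otp"));
        seed();
        System.out.println("owned: alice posts bob's ID, removed = "
                + removeOwned("alice", "cred-bob-otp"));
        System.out.println("owned: alice posts her own ID, removed = "
                + removeOwned("alice", "cred-alice-otp"));
        System.out.println("bob's device still present = "
                + STORE.containsKey("cred-bob-otp"));
    }
}
```

Logging rejected removals with the session user and the posted credential ID gives detection a signal for attempts against other accounts.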