A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1924606 | Issue Tracking Vendor Advisory |
Configurations
History
21 Oct 2022, 20:11
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 |
19 May 2021, 21:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* |
26 Mar 2021, 19:47
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:redhat:keycloak:13.0.0:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924606 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
23 Mar 2021, 17:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
New CVE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
Information
Published : 2021-03-23 17:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-20222
Mitre link : CVE-2021-20222
CVE.ORG link : CVE-2021-20222
JSON object : View
Products Affected
redhat
- keycloak