CVE-2021-4133

Sažetak

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.

Reference

https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487
https://github.com/keycloak/keycloak/issues/9247
https://bugzilla.redhat.com/show_bug.cgi?id=2033602
https://www.oracle.com/security-alerts/cpuapr2022.html

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

03-09-2022 - 03:33

Objavljeno

25-01-2022 - 20:15