CVE-2021-20222

HIGH8.3EPSS 0.44%

Code injection in keycloak

發布日:2021/5/13修改日:2023/11/8

描述

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

受影響套件(1)

Maven/org.keycloak:keycloak-parent>= 9.0.0, < 12.0.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.3	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-20222
WEBhttps://access.redhat.com/security/cve/cve-2021-20222
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1924606
WEBhttps://github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741