9.0.0

CVSS 4.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

redhat

NVD

Published: 2020-05-04

Updated: 2023-11-07

Summary

A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Keycloak 9.0.0 Redhat Keycloak 8.0.2	2

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10686