Description
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199
Related Vulnerabilities
CVE-2022-46686 Vulnerability in maven package io.jenkins.plugins:custom-build-properties
CVE-2023-40826 Vulnerability in maven package org.pf4j:pf4j
CVE-2019-1003057 Vulnerability in maven package org.jenkins-ci.plugins:bitbucket-approve
CVE-2023-29471 Vulnerability in maven package com.typesafe.akka:akka-stream-kafka_2.12