Description

It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199

Related Vulnerabilities

CVE-2023-29526 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2021-25329 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2023-20866 Vulnerability in maven package org.springframework.session:spring-session-core

CVE-2023-38504 Vulnerability in npm package sails

CVE-2020-6467 Vulnerability in npm package electron

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Issue Tracking Vendor Advisory