Description

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1924606

Related Vulnerabilities

CVE-2022-2466 Vulnerability in maven package io.quarkus:quarkus-smallrye-graphql

CVE-2022-31175 Vulnerability in npm package @ckeditor/ckeditor5-html-support

CVE-2019-25102 Vulnerability in npm package simple-markdown

CVE-2022-26594 Vulnerability in maven package com.liferay:com.liferay.dynamic.data.mapping.form.field.type

CVE-2023-27901 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Issue Tracking Vendor Advisory