Description
A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1933320
Related Vulnerabilities
CVE-2023-34104 Vulnerability in maven package org.webjars.npm:fast-xml-parser
CVE-2021-20289 Vulnerability in maven package org.jboss.resteasy:resteasy-core
CVE-2019-16562 Vulnerability in maven package org.jenkins-ci.plugins:buildgraph-view
CVE-2018-3751 Vulnerability in npm package merge-recursive
CVE-2023-34189 Vulnerability in maven package org.apache.inlong:manager-web