Description
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0105
Related Vulnerabilities
CVE-2020-15138 Vulnerability in npm package prismjs
CVE-2019-10307 Vulnerability in maven package org.jvnet.hudson.plugins:analysis-core
CVE-2018-1196 Vulnerability in maven package org.springframework.boot:spring-boot-loader-tools
CVE-2020-1913 Vulnerability in npm package hermes-engine
CVE-2017-2582 Vulnerability in maven package org.keycloak:keycloak-saml-core