Description
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0105
Related Vulnerabilities
CVE-2022-45064 Vulnerability in maven package org.apache.sling:org.apache.sling.engine
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on
CVE-2022-42735 Vulnerability in maven package org.apache.shenyu:shenyu-admin
CVE-2014-3600 Vulnerability in maven package org.apache.activemq:activemq-core
CVE-2023-34468 Vulnerability in maven package org.apache.nifi:nifi-dbcp-base