CVE-2023-0105 Vulnerability Details

  /     /     /  

CVE-2023-0105 Metadata Quick Info

CVE Published: 11/01/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: redhat | Vendor: redhat.com | Product: Keycloak
Status : PUBLISHED

---

CVE-2023-0105 Description

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: n/a
Source: redhat.com

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).