@stianst - the version range marked as vulnerable on the GHSA is throwing our dev team off. Could you add a min affected version to it to ensure consistency with the NVD record and version declaration above as well? https://nvd.nist.gov/vuln/detail/CVE-2021-4133
Describe the bug
An incorrect authorization flaw was found in Keycloak 12.0.0. The flaw allows an attacker with any existing user account to create new default user accounts via the administrative REST API even where new user registration is disabled.
Security advisory:
Version
12.0.0 up to and including 15.0.0