CVE-2019-10199

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10199

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10199.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10199

Aliases

GHSA-p5xp-6vpf-jwvh

Published

2019-08-14T17:15:11Z

Modified

2024-09-02T23:07:11Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type: GIT
Repo: https://github.com/keycloak/keycloak
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

217e2ee4721c069bb977e40fd9a03dc08e2d42a9