CVE-2021-20222

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-20222

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20222.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20222

Aliases

GHSA-2mq8-99q7-55wx

Published

2021-03-23T17:15:13Z

Modified

2024-09-02T22:12:06Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1924606

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type: GIT
Repo: https://github.com/keycloak/keycloak
Events: Introduced

0e2d63fceb20b276cd7f7cfc5a09ecb8c44a14d2

Fixed

af1855ebc6a3d025b58b697c9bc32567fb512eec