CVE-2021-3754

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3754
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3754.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3754
Aliases
Published
2022-08-26T16:15:09Z
Modified
2024-05-13T21:56:40Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
[none]
Details

A flaw was found in Keycloak where an attacker is able to register an account whose username is the same as the email ID of any existing user. This may cause trouble for that user in getting the password recovery email if they forget their password.

References

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type
GIT
Repo
https://github.com/keycloak/keycloak
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected