CVE-2023-0105

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0105

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0105.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0105

Aliases

GHSA-c7xw-p58w-h6fj

Downstream

RHSA-2023:7482

RHSA-2023:7483

RHSA-2023:7484

Published

2023-01-13T06:15:11.983Z

Modified

2026-03-14T12:00:44.850668Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

References

https://access.redhat.com/security/cve/CVE-2023-0105

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0105.json"