Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3754

A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.

Published

2022-08-26T16:15:09.520

Last Modified

2024-11-21T06:22:20.783

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	keycloak	-	Yes
Application	redhat	single_sign-on	7.0	Yes

References

https://access.redhat.com/security/cve/CVE-2021-3754 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1999196 Issue Tracking, Vendor Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2021-3754 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1999196 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)