A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Published: 2023-03-29T21:15:07.853
Last modified: 2024-11-21T06:40:23.330
Status: Modified
CVSSv3.1: 5.4 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | redhat | keycloak | < 20.0.5 | Yes |
Application | redhat | single_sign-on | - | Yes |
Application | redhat | single_sign-on | < 7.6.2 | Yes |
Operating System | redhat | enterprise_linux | 7.0 | No |
Operating System | redhat | enterprise_linux | 8.0 | No |
Operating System | redhat | enterprise_linux | 9.0 | No |
Application | redhat | openshift_container_platform | 4.9 | Yes |
Application | redhat | openshift_container_platform | 4.10 | Yes |
Operating System | redhat | enterprise_linux | 8.0 | No |
Operating System | redhat | enterprise_linux_for_ibm_z_systems | 8.0 | No |
Operating System | redhat | enterprise_linux_for_ibm_z_systems_eus | 8.0 | No |
Operating System | redhat | enterprise_linux_for_power_little_endian | 8.0 | No |
Operating System | redhat | enterprise_linux_for_power_little_endian_eus | 8.0 | No |