Vulnerability Monitor

CVE-2023-0105


A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lock out or impersonate them.


Published: 2023-01-13T06:15:11.983

Last Modified: 2025-04-09T14:15:27.327

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-287
  • Type: Secondary
    CWE-287

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | keycloak | - | Yes |
| Application | redhat | single_sign-on | 7.0 | No |

References