← back
CVE-2023-0105

CVE-2023-0105

CVSS 6.5 MEDIUMEPSS 0.7%CWE-287
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Jan 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected products
redhat.com · Keycloak

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/security/cve/CVE-2023-0105