CVE-2019-10199

HIGH

8.8

CVSS Severity Score

EPSS Score0.1890%

EPSS Percentile44.33th

PublishedAug 14, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.

Affected Platforms (CPE)

📦

Redhat

Keycloak

<= 6.0.1

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199

Related Vulnerabilities

CVE-2026-4638910.0

UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Ident...

CVE-2017-74749.8

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw...

CVE-2019-149109.8

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of S...

CVE-2021-201959.6

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover ...