CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-20195

CRITICAL
9.6
CVSS Severity Score
EPSS Score0.0590%
EPSS Percentile13.08th
Published2021年5月28日
Last Modified2024年11月21日

Vulnerability Description

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected Platforms (CPE)

📦
Redhat

Keycloak

< 12.0.3

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1919143
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1919143

関連する脆弱性情報

CVE-2026-4638910.0

UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Ident...

CVE-2017-74749.8

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw...

CVE-2019-149109.8

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of S...

CVE-2020-17319.1

A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a ra...