CVE-2019-10199

HIGH

8.8

CVSS Severity Score

EPSS Score0.1890%

EPSS Percentile44.33th

Published2019年8月14日

Last Modified2024年11月21日

Vulnerability Description

It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.

Affected Platforms (CPE)

📦

Redhat

Keycloak

<= 6.0.1

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199

関連する脆弱性情報

CVE-2026-4638910.0

UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Ident...

CVE-2017-74749.8

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw...

CVE-2019-149109.8

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of S...

CVE-2021-201959.6

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover ...