A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jboss_fuse | Redhat | 7.0.0 (including) | 7.0.0 (including) |
Keycloak | Redhat | * | 8.0.0 (excluding) |
Openshift_application_runtimes | Redhat | - (including) | - (including) |