CSRF Vulnerability in JBoss KeyCloak by Red Hat
CVE-2014-3709
8.8 HIGH
What is CVE-2014-3709?
The SocialResource.callback method in JBoss KeyCloak versions prior to 1.0.3.Final lacks sufficient CSRF protection, allowing remote attackers to conduct cross-site request forgery attacks. A successful attack initiates unauthorized actions on behalf of authenticated users, posing a significant risk to user data and application integrity. It's critical for organizations using affected versions to upgrade and to implement the necessary security measures to mitigate these risks.
