Insecure Header Processing in Keycloak's Account Console Affecting Red Hat
CVE-2019-10199

4.6 MEDIUM

Key Information:

Vendor

Red Hat

Status
Vendor
CVE Published:
14 August 2019

What is CVE-2019-10199?

Keycloak's account console, in versions up to 6.0.1, did not perform adequate checks on HTTP request headers (such as Origin and Referer) for some requests. Because the console did not verify where a state-changing request came from, an attacker could trick an authenticated user into performing operations in the console through a request issued from an untrusted domain, in the manner of a cross-site request forgery (CSRF). Such an attack could alter the victim's account data or trigger unauthorized actions within Keycloak, so deployments running an affected version should upgrade to a current release.
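The class of flaw the description points at is a missing Origin/Referer check on state-changing requests. The Python below is an added example, not code from Keycloak or from Red Hat's fix: it implements a strict check of that kind and runs it over a few constructed requests, next to an unchecked variant that accepts everything. The allowed origin sso.example.com, the attacker host evil.example.net and the sample requests are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed origin of the account console (illustration only, not from the advisory).
ALLOWED_ORIGINS = {"https://sso.example.com"}

# Methods that change state and therefore need a source check.
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def origin_of(url):
    """Reduce a URL or Origin header value to scheme://host[:port], lowercased.

    Returns None for values without a scheme and host, which covers the
    literal "null" Origin that browsers send from sandboxed or opaque contexts.
    """
    parts = urlsplit(url.strip())
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def is_request_allowed_unchecked(method, headers):
    """The weak behaviour: no header check at all, every request proceeds."""
    return True


def is_request_allowed(method, headers):
    """Strict policy: safe methods pass; state-changing methods must carry an
    Origin (or, if Origin is absent, a Referer) that resolves to an allowed
    origin. Missing or unparseable source information fails closed."""
    if method.upper() not in STATE_CHANGING_METHODS:
        return True
    lowered = {k.lower(): v for k, v in headers.items()}
    source = None
    if "origin" in lowered:
        source = origin_of(lowered["origin"])
    elif "referer" in lowered:
        source = origin_of(lowered["referer"])
    if source is None:
        return False
    return source in ALLOWED_ORIGINS


# Constructed requests: (method, headers, expected decision under the strict check).
SAMPLE_REQUESTS = [
    # Same-origin form submission from the console itself.
    ("POST", {"Origin": "https://sso.example.com"}, True),
    # Forged request: an attacker page submits a form to the console.
    ("POST", {"Origin": "https://evil.example.net",
              "Referer": "https://evil.example.net/csrf.html"}, False),
    # Look-alike host; exact origin comparison rejects it.
    ("POST", {"Origin": "https://sso.example.com.evil.example.net"}, False),
    # Origin suppressed to the literal "null".
    ("POST", {"Origin": "null"}, False),
    # Client that sends only a Referer; same-origin path is accepted.
    ("POST", {"Referer": "https://sso.example.com/account/"}, True),
    # No source information at all: fail closed.
    ("POST", {}, False),
    # Safe method, no check needed.
    ("GET", {}, True),
]


def evaluate(requests=SAMPLE_REQUESTS):
    """Return one (strict_decision, unchecked_decision, expected) triple per request."""
    return [
        (is_request_allowed(m, h), is_request_allowed_unchecked(m, h), expected)
        for m, h, expected in requests
    ]


if __name__ == "__main__":
    for (m, h, _), (strict, unchecked, expected) in zip(SAMPLE_REQUESTS, evaluate()):
        print(f"{m:6} {h!r:70} strict={strict} unchecked={unchecked} expected={expected}")
```

The forged request (second sample) is the one this advisory is about: the unchecked variant lets it through, the strict check rejects it because its Origin is not the console's own. Treating a missing Origin and Referer as untrusted is the conservative choice; a deployment that must support clients which send neither would need a separate anti-CSRF token rather than a weaker header policy.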

Affected Version(s)

Keycloak up to 6.0.1

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability reserved

  • Vulnerability published: 14 August 2019