CVE-2019-10199: CSRF
First published: Thu Jul 11 2019(Updated: )
A vulnerability was found in keycloak. A CSRF attack can be performed in My Resources functionality in the Account Console. The attacker can trick the user to perform operations by using social engineering or any other mean that can result in a request to Keycloak from an untrusted domain. References: <a href="https://issues.jboss.org/browse/KEYCLOAK-10775">https://issues.jboss.org/browse/KEYCLOAK-10775</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/keycloak | <7.0.0 | 7.0.0 |
| Redhat Keycloak | <=6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199
- https://issues.jboss.org/browse/KEYCLOAK-10775
- https://access.redhat.com/errata/RHSA-2019:2483
- https://access.redhat.com/security/cve/cve-2019-10199
- https://access.redhat.com/errata/RHSA-2020:2067
- https://access.redhat.com/errata/RHSA-2020:2366
- https://bugzilla.redhat.com/show_bug.cgi?id=1729261
- https://www.cve.org/CVERecord?id=CVE-2019-10199 https://nvd.nist.gov/vuln/detail/CVE-2019-10199
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-10199
- agent/software-canonical-lookup
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat keycloak
- version/redhat keycloak/6.0.1
- package-manager/redhat