First published: Wed Feb 03 2021 (Updated: )
An attacker can inject malicious code through the referrer URL handled by the new account console. https://issues.redhat.com/browse/KEYCLOAK-17033
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix
---|---|---
redhat/keycloak | <13.0.0 | 13.0.0
Redhat Keycloak | >=9.0.0, <13.0.0 | 13.0.0
CVE-2021-20222 is a vulnerability in Keycloak that allows malicious code to be executed via the referrer URL.
The highest threat from CVE-2021-20222 is to data confidentiality and integrity, as well as to system availability.
CVE-2021-20222 is exploited by supplying a crafted referrer URL to the new account console in Keycloak, which then executes the injected code.
Keycloak versions before 13.0.0 (up to but excluding 13.0.0) are affected by CVE-2021-20222.
To fix CVE-2021-20222, upgrade your Keycloak installation to version 13.0.0 or later.