Improper Input Validation and Cross-Site Request Forgery in Keycloak

GHSA-p5xp-6vpf-jwvh · CVE-2019-10199

Published Sep 23, 2019 · Modified Nov 8, 2023

Description

It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-10199
WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199
PACKAGE https://github.com/keycloak/keycloak

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes