Vulnerability Details CVE-2021-20262
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.1%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.6
References
Products affected by CVE-2021-20262
-
cpe:2.3:a:redhat:keycloak:12.0.0
-
cpe:2.3:a:redhat:single_sign-on:7.0