CVE-2021-3754

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3754
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3754.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3754
Aliases
Published
2022-08-26T16:15:09Z
Modified
2024-12-20T18:27:17.000836Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.

References

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type
GIT
Repo
https://github.com/keycloak/keycloak
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected