CVE-2021-4133

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-4133

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4133.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-4133

Aliases

GHSA-83x4-9cwr-5487

Related

Published

2022-01-25T20:15:08Z

Modified

2024-10-11T09:41:28Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.

References

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type: GIT
Repo: https://github.com/keycloak/keycloak
Events: Introduced

2690229863ddbcdfa2c75e00a7a9858e2e03c6c9

Fixed

6bfd4549bb1e9a17791849252e1de0d95a9f4012