CVE-2024-1722

Medium

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from…

redhat·CWE-645·Published 2024-02-27

CVSS

5.3

EPSS

0.01

KEV

Exploits

cve.orgen

148 chars

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

NVDen

148 chars

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his username.

GHSAen

171 chars

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his username.

NVDes

176 chars

Se encontró una falla en Keycloak. En determinadas condiciones, este problema puede permitir que un atacante remoto no autenticado bloquee el inicio de sesión de otras cuentas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1	Primary	cve.org	3.7	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1	Primary	cve.org	3.7	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1	Secondary	NVD	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1	Secondary	GHSA	3.7	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L