CVE-2019-10199

It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-08-14 17:15

Updated : 2024-02-28 17:08


NVD link : CVE-2019-10199

Mitre link : CVE-2019-10199

CVE.ORG link : CVE-2019-10199


JSON object : View

Products Affected

redhat

  • keycloak
CWE
CWE-352

Cross-Site Request Forgery (CSRF)