CVE-2025-1391 in Keycloakالمعلومات

الملخص

بحسب MITRE • 17/02/2025

A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

حجز

17/02/2025

إفشاء

17/02/2025

الاعتدال

تمت الموافقة

إدخال

VDB-296021

EPSS

0.00378

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you want to use VulDB in your project?

Use the official API to access entries easily!