Moderate severityNVD Advisory· Published May 4, 2020· Updated Aug 4, 2024
CVE-2020-10686
CVE-2020-10686
Description
A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.keycloak:keycloak-coreMaven | < 9.0.2 | 9.0.2 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-9695-w6h2-jpv9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-10686ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
- github.com/keycloak/keycloak/commit/5ddd605ee96b8551c7eb00b609a0b97939925b77ghsaWEB
News mentions
0No linked articles in our index yet.