High severityNVD Advisory· Published Jan 25, 2022· Updated Aug 3, 2024

CVE-2021-4133

Description

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.keycloak:keycloak-servicesMaven	< 15.1.1	15.1.1

Affected products

N/a/Keycloakv5
Range: keycloak 15.1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-83x4-9cwr-5487ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-4133ghsaADVISORY
bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
github.com/keycloak/keycloak/issues/9247ghsax_refsource_MISCWEB
github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487ghsax_refsource_MISCWEB
www.oracle.com/security-alerts/cpuapr2022.htmlghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000