CVE-2019-14837
published 2020-01-07
critical 9.1 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
A flaw was found in Keycloak before version 8.0.0. The owner of the 'placeholder.org' domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name 'test' the email address will be '[email protected]'.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | keycloak | — | — |
| redhat | keycloak | < 8.0.0 | 8.0.0 |
| redhat | single_sign-on | — | — |