CVE-2021-3632
Published 2022-08-26
High 7.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | < 15.1.0 | 15.1.0 |
| redhat | keycloak | — | — |
| redhat | single_sign-on | — | — |
| redhat | single_sign-on | >= 7.4 < 7.4.9 | 7.4.9 |