CVE-2019-10199
Improper Input Validation and Cross-Site Request Forgery in Keycloak
8.8
HIGH
CVSS 3.1
EPSS 0.10%
Description
It was found that Keycloak's account console, up to version 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via a request from an untrusted domain.
How to fix CVE-2019-10199
To remediate CVE-2019-10199, upgrade the affected package to the fixed version listed below.
- Upgrade Keycloak to 7.0.0 or later
Is CVE-2019-10199 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Keycloak: >= 0, < 7.0.0
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | HIGH | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |