How severe is CVE-2019-14909?

CVE-2019-14909 has a CVSS v3 score of 8.3 (HIGH).

CVE-2019-14909

Name: keycloak
Author: redhat

8.3HIGH

A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.

Опубликовано: 12/4/2019Обновлено: 11/21/2024

Описание

A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.

ИИ-АнализНа базе ИИ

Затронутые продукты

redhatkeycloak

7.0.0

redhatkeycloak

7.0.1

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909
Issue TrackingThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909
Issue TrackingThird Party Advisory