CVE-2021-4133

Published: Jan 25, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.

Vendor	Product	Versions
n/a	Keycloak	affected `keycloak 15.1.1`

Weaknesses (CWE)

CWE-863

References

https://bugzilla.redhat.com/show_bug.cgi?id=2033602

x_refsource_MISC

https://github.com/keycloak/keycloak/issues/9247

x_refsource_MISC

https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-4133

Description

Affected Products

Weaknesses (CWE)

References