CVE-2021-4133
CVE-2021-4133 Keycloak: Incorrect authorization allows unpriviledged users to create other users
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.
Se ha encontrado un fallo en Keycloak en las versiones a partir de la 12.0.0 y anteriores hasta 15.1.1, que permite a un atacante con cualquier cuenta de usuario existente crear nuevas cuentas de usuario por defecto por medio de la API REST administrativa incluso cuando el registro de nuevos usuarios está deshabilitado
A flaw was found in Keycloak version from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-17 CVE Reserved
- 2021-12-21 CVE Published
- 2024-08-03 CVE Updated
- 2024-09-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/keycloak/keycloak/issues/9247 | Third Party Advisory | |
https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487 | Third Party Advisory | |
https://www.oracle.com/security-alerts/cpuapr2022.html | Not Applicable |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2033602 | 2022-01-18 | |
https://access.redhat.com/security/cve/CVE-2021-4133 | 2022-01-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Keycloak Search vendor "Redhat" for product "Keycloak" | >= 12.0.0 < 15.1.1 Search vendor "Redhat" for product "Keycloak" and version " >= 12.0.0 < 15.1.1" | - |
Affected
|