CVE-2021-20222

Source
Severity: High
Remote: Yes
Type: Cross-site scripting
Description
A security issue was found in keycloak before version 13.0.0. The new account console in keycloak can allow malicious code to be executed using the referrer URL.
Group | Package | Affected | Fixed | Severity | Status | Ticket
AVG-1926 | keycloak | 12.0.4-1 | 13.0.0-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type
19 May 2021 | ASA-202105-6 | AVG-1926 | keycloak | High | multiple issues
References
https://bugzilla.redhat.com/show_bug.cgi?id=1924606
https://issues.redhat.com/browse/KEYCLOAK-17033
https://github.com/keycloak/keycloak/pull/7868
https://github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741