CVE-2021-20262 log

Source
Severity Medium
Remote Yes
Type Authentication bypass
Description
A security issue was found in Keycloak where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser.
Group Package Affected Fixed Severity Status Ticket
AVG-1332 keycloak 12.0.4-1 High Vulnerable
References
https://bugzilla.redhat.com/show_bug.cgi?id=1933639
https://issues.redhat.com/browse/KEYCLOAK-17250