It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-10-26T17:00:00Z

Updated: 2024-09-16T21:02:35.248Z

Reserved: 2017-08-01T00:00:00

Link: CVE-2017-12159

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-10-26T17:29:00.267

Modified: 2019-10-09T23:22:23.293

Link: CVE-2017-12159

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-10-17T00:00:00Z

Links: CVE-2017-12159 - Bugzilla