CVE-2020-1758
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | keycloak | keycloak versions before 10.0.0 | affected |
Weaknesses
- CWE-297: CWE-297
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758
- https://issues.redhat.com/browse/KEYCLOAK-13285
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758
- https://issues.redhat.com/browse/KEYCLOAK-13285
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.