[GHSA-4vc8-pg5c-vg4x] Keycloak's improper input validation allows using email as username

[7Ragnarok7]

Updates

• Affected products
• CVSS v3
• References
• Severity

Comments
I've added my GitHub repo link in the references which documents the details and POC. I've also updated the AC to Low, which changes the overall severity to medium. Please review the changes. Kindly add me to the discoverer's credits as this CVE was discovered by me. Thanks. Additionally, it would be great if you can also add my Name with a hyperlink to my LinkedIn: Anurag Mondal (7Ragnarok7): https://linkedin.com/in/7Ragnarok7

[github]

Hi there @abstractj! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[darakian]

Hi @7Ragnarok7, this CVE was issued by redhat. Please reach out to them to get a credit on the advisory. They can add you to the source
GHSA-4vc8-pg5c-vg4x
and it should flow through to the global database 👍