Infinispan CVE cve-2021-31917 on keycloak 15.0

Is keycloak 15.0 impacted by the following infinispan CVE?

CVE quick description: A flaw was found in Red Hat DataGrid and Infinispan. An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Keycloak by default use embedded infinispan and REST endpoints are not exposed. They are exposed if you use a separate infinispan cluster, but even then you can define what kind of authorization will you use and how would you expose your REST endpoints.

1 Like

Thanks for the response.