Description
A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| keycloak | itp | | | package |
EPSS
Percentile: 6%
0.00023
Low
Related vulnerabilities
CVSS3: 2.7
nvd
5 days ago
A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.
CVSS3: 2.7
github
5 days ago
Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes