Description
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
Packages
Name: org.keycloak:keycloak-services (maven)
Affected versions: < 26.5.0
Fixed version: 26.5.0
Related vulnerabilities
CVSS3: 2.7
nvd
about 2 months ago
A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
CVSS3: 2.7
debian
about 2 months ago
A flaw was found in Keycloak Admin REST (Representational State Transf ...