Описание
Keycloak Unauthenticated Access
A flaw was found in the Keycloak REST API before version 8.0.0, implemented in Keycloak before 7.0.1 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
Пакеты
org.keycloak:keycloak-model-infinispan
< 7.0.1
7.0.1
org.keycloak:keycloak-model-jpa
< 7.0.1
7.0.1
Связанные уязвимости
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
A flaw was found in the Keycloak REST API before version 8.0.0 where i ...