Описание
Improper privilege management in Keycloak
A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.
Пакеты
org.keycloak:keycloak-core
< 12.0.0
12.0.0
Связанные уязвимости
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
It was found that Keycloak before version 12.0.0 would permit a user w ...