Description
Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.
Vulnerable configurations
EPSS
CVSS3: 6.5 Medium
CVSS2: 5.5 Medium
Weaknesses
Related vulnerabilities
Red Hat Keycloak before version 2.4.0 did not correctly check permissi ...
Moderate severity vulnerability that affects org.keycloak:keycloak-core