Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-10169

Опубликовано: 08 мая 2020
Источник: nvd
CVSS3: 6.6
CVSS3: 7.2
CVSS2: 6.5
EPSS Низкий

Описание

A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
Версия до 8.0.0 (исключая)

EPSS

Процентиль: 73%
0.00742
Низкий

6.6 Medium

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-267
NVD-CWE-noinfo

Связанные уязвимости

redhat логотип

CVE-2019-10169

CVSS3: 6.6
redhat
почти 6 лет назад

A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.

debian логотип

CVE-2019-10169

CVSS3: 6.6
debian
больше 5 лет назад

A flaw was found in Keycloak\u2019s user-managed access interface, whe ...

github логотип

GHSA-9c24-43p5-fv82

CVSS3: 7.2
github
больше 3 лет назад

Keycloak code execution via UMA policy abuse

EPSS

Процентиль: 73%
0.00742
Низкий

6.6 Medium

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-267
NVD-CWE-noinfo