Описание
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
EPSS
6.6 Medium
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.
A flaw was found in the Keycloak admin console, where the realm manage ...
Privilege Defined With Unsafe Actions in Keycloak
EPSS
6.6 Medium
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2