Description
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
Vulnerable configurations
Configuration 1: version before 12.0.0 (exclusive)
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
EPSS: 0.00148 (Low), percentile: 36%
CVSS3: 8.1 High
CVSS2: 5.5 Medium
Weaknesses
CWE-916
CWE-916
Related vulnerabilities
CVSS3: 8.1
redhat
more than 5 years ago
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
CVSS3: 8.1
debian
about 5 years ago
It was found that Keycloak before version 12.0.0 would permit a user w ...