Описание
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.0.0 (исключая)
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00275
Низкий
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-183
CWE-732
Связанные уязвимости
CVSS3: 3.3
redhat
больше 5 лет назад
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
CVSS3: 4.9
debian
больше 5 лет назад
A flaw was found in all versions of Keycloak before 10.0.0, where the ...
CVSS3: 4.9
github
почти 4 года назад
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak
EPSS
Процентиль: 51%
0.00275
Низкий
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-183
CWE-732