Description
A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.
References
- Issue Tracking, Vendor Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 9.0.0 (exclusive)
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
EPSS
Percentile: 16%
0.00051
Low
CVSS3: 5 Medium
CVSS3: 5.5 Medium
CVSS2: 2.1 Low
Weaknesses
CWE-200
CWE-532
Related vulnerabilities
CVSS3: 5
redhat
almost 6 years ago
A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.
CVSS3: 5
debian
more than 5 years ago
A flaw was found in keycloak in versions before 9.0.0. A logged except ...
CVSS3: 5.5
github
more than 3 years ago
Keycloak leaks sensitive information in logged exceptions