Description
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.
References
- Issue Tracking, Vendor Advisory
- Permissions Required, Vendor Advisory
- Issue Tracking, Vendor Advisory
- Permissions Required, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 13.0.0 (exclusive)
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
EPSS: 0.00115 (Low), percentile: 31%
CVSS3: 5.4 Medium
CVSS2: 5.5 Medium
Weaknesses
CWE-863
Related vulnerabilities
CVSS3: 5.4
redhat
about 5 years ago
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.
CVSS3: 5.4
debian
about 5 years ago
A flaw was found in keycloak before version 13.0.0. In some scenarios ...