Description
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.
References
- Vendor Advisory
- Issue Tracking, Vendor Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Permissions Required, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 15.1.0 (exclusive)
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
EPSS: 0.00364 (percentile: 58%, Low)
CVSS3: 4.3 Medium
Weaknesses
CWE-552
CWE-22
Related vulnerabilities
CVSS3: 4.3
redhat
more than 4 years ago
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.
CVSS3: 4.3
debian
more than 3 years ago
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows read ...
CVSS3: 4.3
github
more than 3 years ago
Keycloak has Files or Directories Accessible to External Parties