Описание
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
A flaw was found in the Keycloak identity and access management system ...
Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
EPSS
6.5 Medium
CVSS3