Описание
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.
EPSS
2.7 Low
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.
A flaw was found in Keycloak. An authenticated user with the view-user ...
Keycloak: Information disclosure of disabled user attributes via administrative endpoint
EPSS
2.7 Low
CVSS3