Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-10169

Опубликовано: 30 апр. 2020
Источник: redhat
CVSS3: 6.6
EPSS Низкий

Описание

A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Single Sign-On 7rh-sso7-keycloakAffected
Red Hat Single Sign-On 7.3.4 zipFixedRHSA-2019:305014.10.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-267
https://bugzilla.redhat.com/show_bug.cgi?id=1721302keycloak: script execution via UMA policy trigger

EPSS

Процентиль: 69%
0.00608
Низкий

6.6 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-10169

CVSS3: 6.6
nvd
больше 5 лет назад

A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.

debian логотип

CVE-2019-10169

CVSS3: 6.6
debian
больше 5 лет назад

A flaw was found in Keycloak\u2019s user-managed access interface, whe ...

github логотип

GHSA-9c24-43p5-fv82

CVSS3: 7.2
github
больше 3 лет назад

Keycloak code execution via UMA policy abuse

EPSS

Процентиль: 69%
0.00608
Низкий

6.6 Medium

CVSS3