exploitDog

CVE-2019-14820

Published: 14 Oct 2019
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.

It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | keycloak | Not affected | | |
| Red Hat Mobile Application Platform 4 | keycloak | Out of support scope | | |
| Red Hat OpenShift Application Runtimes | keycloak | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 | keycloak-adapter-sso7_3-eap6 | Fixed | RHSA-2019:3048 | 14.10.2019 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 | keycloak-adapter-sso7_3-eap6 | Fixed | RHSA-2019:3048 | 14.10.2019 |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 | eap7-keycloak-adapter-sso7_3 | Fixed | RHSA-2019:3049 | 14.10.2019 |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 | eap7-keycloak-adapter-sso7_3 | Fixed | RHSA-2019:3049 | 14.10.2019 |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 | eap7-keycloak-adapter-sso7_3 | Fixed | RHSA-2019:3049 | 14.10.2019 |
| Red Hat Single Sign-On 7.3.4 zip | | Fixed | RHSA-2019:3050 | 14.10.2019 |
| Red Hat Single Sign-On 7.3 for RHEL 6 | rh-sso7-keycloak | Fixed | RHSA-2019:3044 | 14.10.2019 |


Additional information

Status: Low
Defect: CWE-200
Bugzilla: keycloak: adapter endpoints are exposed via arbitrary URLs
https://bugzilla.redhat.com/show_bug.cgi?id=1649870

EPSS: 0.0031 (percentile: 54%, Low)

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 4.3
nvd
about 6 years ago

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.

CVSS3: 4.3
debian
about 6 years ago

It was found that keycloak before version 8.0.0 exposes internal adapt ...

CVSS3: 4.3
github
almost 6 years ago

Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
