Description
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured for. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured for. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | keycloak | Will not fix | ||
| Red Hat Mobile Application Platform 4 | keycloak | Out of support scope | ||
| Red Hat OpenShift Application Runtimes | keycloak | Out of support scope | ||
| Red Hat support for Spring Boot | keycloak | Affected | ||
| Red Hat Runtimes Spring Boot 2.1.12 | keycloak | Fixed | RHSA-2020:2366 | 04.06.2020 |
| Red Hat Single Sign-On 7.3.4 zip | | Fixed | RHSA-2019:3050 | 14.10.2019 |
| Red Hat Single Sign-On 7.3 for RHEL 6 | rh-sso7-keycloak | Fixed | RHSA-2019:3044 | 14.10.2019 |
| Red Hat Single Sign-On 7.3 for RHEL 7 | rh-sso7-keycloak | Fixed | RHSA-2019:3045 | 14.10.2019 |
| Red Hat Single Sign-On 7.3 for RHEL 7 | rh-sso7-libunix-dbus-java | Fixed | RHSA-2019:3045 | 14.10.2019 |
| Red Hat Single Sign-On 7.3 for RHEL 8 | rh-sso7-keycloak | Fixed | RHSA-2019:3046 | 14.10.2019 |
Additional information
Status:
EPSS
5 Medium
CVSS3