Description
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw.
A flaw was found in keycloak. A path traversal, using URL-encoded path segments in a request, is possible due to transformation of the URL path to a file path at the resource endpoint. The highest threat from this vulnerability is to data confidentiality.
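The pattern behind this class of bug, as an added illustration rather than Keycloak's own code: a resource endpoint checks the raw request path for `..`, then percent-decodes it while mapping it onto the file system, so an encoded segment such as `%2e%2e` passes the check and becomes `..` afterwards. The hardened resolver decodes first, validates the decoded segments, and confines the normalized result to the resource root. The resource root, the file layout and the probe paths are constructed for the demo; the demo resolver escapes the root entirely, whereas the description above notes that only a few folder hierarchies were exposed in Keycloak itself.

```python
"""Added illustration (not Keycloak's code): URL-encoded path segments versus
a naive traversal check in a resource-path resolver, and a confined variant."""
from urllib.parse import unquote
import posixpath

# Assumed resource root for the demo; Keycloak's real layout is not reproduced.
RESOURCE_ROOT = "/opt/keycloak/themes"


def vulnerable_resolve(url_path: str) -> str:
    """Flawed pattern: the traversal check runs on the raw URL path, but the
    path is percent-decoded when it is turned into a file path, so '%2e%2e'
    survives the check and turns into '..' afterwards."""
    if ".." in url_path:
        raise PermissionError("traversal rejected")
    decoded = unquote(url_path)
    return posixpath.normpath(posixpath.join(RESOURCE_ROOT, decoded.lstrip("/")))


def hardened_resolve(url_path: str) -> str:
    """Decode once, validate the decoded segments, then require that the
    normalized result still lies under RESOURCE_ROOT."""
    decoded = unquote(url_path)
    # A '%' surviving one decode means double encoding; refuse rather than guess.
    if "%" in decoded or "\\" in decoded or "\x00" in decoded:
        raise PermissionError("malformed path")
    segments = decoded.strip("/").split("/")
    if any(seg in ("", ".", "..") for seg in segments):
        raise PermissionError("traversal rejected")
    resolved = posixpath.normpath(posixpath.join(RESOURCE_ROOT, *segments))
    # Defense in depth: containment check even after segment filtering.
    if not resolved.startswith(RESOURCE_ROOT + "/"):
        raise PermissionError("outside resource root")
    return resolved


def rejects(resolver, url_path: str) -> bool:
    """True when the resolver refuses the given request path."""
    try:
        resolver(url_path)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    probe = "login/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"  # constructed probe
    print("vulnerable resolves to:", vulnerable_resolve(probe))
    print("vulnerable rejects literal '..':", rejects(vulnerable_resolve, "login/../etc/passwd"))
    print("hardened rejects probe:", rejects(hardened_resolve, probe))
    print("hardened normal path:", hardened_resolve("login/keycloak/login.css"))
```

The check worth carrying into any static-resource handler is the last one: after decoding and normalizing, the resolved path must still start with the resource root, independently of whatever segment filtering ran before it.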
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | keycloak | Not affected | | |
| Red Hat Fuse 7 | keycloak | Not affected | | |
| Red Hat OpenShift Application Runtimes | keycloak | Not affected | | |
| Red Hat Process Automation 7 | keycloak | Not affected | | |
| Red Hat Single Sign-On 7 | keycloak | Affected | | |
| Red Hat support for Spring Boot | keycloak | Not affected | | |
| Red Hat Single Sign-On 7.4.3 | | Fixed | RHSA-2020:4931 | 2020-11-04 |
Additional information
CVSS3: 6.8 (Medium)