Description
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | keycloak | Not affected | | |
| Red Hat Mobile Application Platform 4 | keycloak | Out of support scope | | |
| Red Hat OpenShift Application Runtimes | keycloak | Not affected | | |
| Red Hat Single Sign-On 7 | rh-sso7-keycloak | Affected | | |
| Red Hat Single Sign-On 7.4.1 | | Fixed | RHSA-2020:2813 | 02.07.2020 |
Additional information
Status:
EPSS:
CVSS3: 3.3 Low
Related vulnerabilities
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak
EPSS:
CVSS3: 3.3 Low