Description
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user who is currently logged in to see the personal information of a previously logged-out user in the account manager section.
A flaw was found in Keycloak. This flaw allows a malicious user who is currently logged in to see the personal information of a previously logged-out user in the account manager section.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | keycloak | Not affected | | |
| Red Hat Fuse 7 | keycloak | Not affected | | |
| Red Hat OpenShift Application Runtimes | keycloak | Affected | | |
| Red Hat Process Automation 7 | keycloak | Not affected | | |
| Red Hat Runtimes Spring Boot 2.2.6 | keycloak | Fixed | RHSA-2020:2252 | 01.06.2020 |
| Red Hat Single Sign On 7.3.8 | | Fixed | RHSA-2020:2112 | 12.05.2020 |
| Red Hat Single Sign-On 7.3 for RHEL 6 | rh-sso7-keycloak | Fixed | RHSA-2020:2106 | 12.05.2020 |
| Red Hat Single Sign-On 7.3 for RHEL 7 | rh-sso7-keycloak | Fixed | RHSA-2020:2107 | 12.05.2020 |
| Red Hat Single Sign-On 7.3 for RHEL 8 | rh-sso7-keycloak | Fixed | RHSA-2020:2108 | 12.05.2020 |
| Text-Only RHOAR | | Fixed | RHSA-2020:2905 | 23.07.2020 |
Additional information
Status: Low
Defect: CWE-613
https://bugzilla.redhat.com/show_bug.cgi?id=1800527 keycloak: problem with privacy after user logout
EPSS: 0.00136 (Low), percentile: 34%
CVSS3: 4.3 Medium
Related vulnerabilities
CVSS3: 4.3
nvd
more than 5 years ago
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user who is currently logged in to see the personal information of a previously logged-out user in the account manager section.
CVSS3: 4.3
debian
more than 5 years ago
A flaw was found in Keycloak in versions before 9.0.2. This flaw allow ...