Описание
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.
A flaw was found in keycloak-gatekeeper. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token. The highest threat from this vulnerability is to data confidentiality and integrity.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | keycloak | Not affected | ||
| Red Hat Mobile Application Platform 4 | keycloak | Not affected | ||
| Red Hat OpenShift Application Runtimes | keycloak | Not affected | ||
| Red Hat Single Sign-On 7 | rh-sso7-keycloak | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.4 Medium
CVSS3
Связанные уязвимости
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.
A flaw was found in keycloak before version 13.0.0. In some scenarios ...
EPSS
5.4 Medium
CVSS3