PT-2019-13853 · Red Hat · Keycloak

Chess Hazlett

Publicado

2019-10-15

Atualizado

2022-05-24

CVE-2019-14832

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Keycloak versions prior to 8.0.0 Keycloak versions prior to 7.0.1

Description A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.

Recommendations For versions prior to 7.0.1, update to version 7.0.1 or later. For versions prior to 8.0.0, update to version 8.0.0 or later.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2019-14832

GHSA-8PRC-58J4-M55Q

RHSA-2019:3044

RHSA-2019:3045

RHSA-2019:3046

Produtos afetados

Keycloak

PT-2019-13853 · Red Hat · Keycloak

CVE-2019-14832

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6