Red Hat · Keycloak · CVE-2025-10939
**Name of the Vulnerable Software and Affected Versions**
Keycloak (affected versions not specified)
**Description**
A flaw exists in Keycloak where the `/admin` path can be reached through a reverse proxy such as HAProxy by sending relative or non-normalized request paths. Keycloak's documentation advises against exposing `/admin` externally, especially when a proxy is in use, and such a proxy is typically configured to forward only `/realms`, which is intended to be exposed. When the proxy applies its rules to the raw path rather than a normalized one, a request expressed relative to `/realms` (for example `/realms/../admin/`, an illustrative form rather than one quoted in the advisory) is forwarded and resolves to the `/admin` application path, which was meant to stay internal.
**Recommendations**
Do not expose the `/admin` path to external networks, particularly when using a proxy server. Where a reverse proxy fronts Keycloak, make sure its path rules are evaluated against the normalized request path: a plain prefix match on the raw path can be bypassed with relative or non-normalized paths. Verify the block by requesting both `/admin/` and a non-normalized variant through the proxy from an external network and confirming that both are rejected.
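As an added example (not from the Red Hat advisory or the Keycloak project), the following HAProxy configuration shows a frontend that blocks `/admin` with a raw-path prefix match beside a corrected frontend that normalizes the path before any ACL is evaluated. The backend name, listener addresses, certificate path and the `/realms/../admin/` request form are assumptions for illustration; `http-request normalize-uri` requires HAProxy 2.4 or later. The two frontends are shown side by side for comparison and are not meant to be loaded together.

```haproxy
# Weak: ACLs see the raw request path. "path_beg /admin" does not match
# "/realms/../admin/master/console" (illustrative request form), so the
# request is forwarded and the backend resolves it to /admin.
frontend keycloak_weak
    bind :8443 ssl crt /etc/haproxy/certs/keycloak.pem   # assumed cert path
    acl is_admin path_beg -i /admin
    http-request deny deny_status 403 if is_admin
    default_backend keycloak

# Corrected: normalize before any ACL runs. Order matters: decode first so
# "%2e%2e" becomes "..", then merge slashes and strip "." and ".." segments
# ("full" also removes a leading "/../").
frontend keycloak_hardened
    bind :443 ssl crt /etc/haproxy/certs/keycloak.pem    # assumed cert path
    http-request normalize-uri percent-decode-unreserved strict
    http-request normalize-uri path-merge-slashes
    http-request normalize-uri path-strip-dot
    http-request normalize-uri path-strip-dotdot full
    acl is_admin path_beg -i /admin
    http-request deny deny_status 403 if is_admin
    # Stricter still: forward only the paths intended to be public.
    # /realms is the prefix named in the advisory; anything else is not forwarded.
    acl is_public path_beg /realms
    http-request deny deny_status 404 unless is_public
    default_backend keycloak

backend keycloak
    server kc1 127.0.0.1:8080   # assumed Keycloak listener
```

To check the result from outside, send the unnormalized form with `curl --path-as-is 'https://<host>/realms/../admin/'` (without `--path-as-is`, curl normalizes the path itself and the test proves nothing); both this request and a plain `/admin/` should be rejected by the hardened frontend, while `/realms/<realm>/...` continues to reach Keycloak.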