Knutz3N

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A privilege escalation flaw was found in the token exchange feature of Keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the `client id` of the target. This could allow a client to gain unauthorized access to additional services. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.