Red Hat · Keycloak · CVE-2020-14389
**Name of the Vulnerable Software and Affected Versions**
Keycloak versions prior to 12.0.0
**Description**
A flaw was found in Keycloak, where it would permit a user with a `view-profile` role to manage the resources in the new account console. This flaw allows a user with a `view-profile` role to access and modify data for which the user does not have adequate permission.
**Recommendations**
For versions prior to 12.0.0, update to version 12.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the `view-profile` role to prevent unauthorized access to the new account console.