PT-2019-13853 · Red Hat · Keycloak

Chess Hazlett

Published

2019-10-15

Updated

2022-05-24

CVE-2019-14832

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Keycloak versions prior to 8.0.0 Keycloak versions prior to 7.0.1

Description A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.

Recommendations For versions prior to 7.0.1, update to version 7.0.1 or later. For versions prior to 8.0.0, update to version 8.0.0 or later.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2019-14832

GHSA-8PRC-58J4-M55Q

RHSA-2019:3044

RHSA-2019:3045

RHSA-2019:3046

Affected Products

Keycloak

PT-2019-13853 · Red Hat · Keycloak

CVE-2019-14832

Weakness Enumeration

Related Identifiers

Affected Products

References · 6