PT-2020-13991 · Red Hat · Keycloak

Václav Muzikář · Published 2020-11-17 · Updated 2022-11-16 · CVE-2020-14389

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected software and versions: Keycloak versions prior to 12.0.0

Description: A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.

Recommendations: For versions prior to 12.0.0, update to version 12.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the view-profile role to prevent unauthorized access to the new account console.

Status: Fix

Weakness Enumeration: Improper Privilege Management

Related Identifiers

CVE-2020-14389
GHSA-C9X9-XV66-XP3V
RHSA-2020:4929
RHSA-2020:4930
RHSA-2020:4932

Affected Products

Keycloak