PT-2020-14914 · Red Hat · Keycloak+3

Paramvir Jindal · Published 2020-05-11 · Updated 2022-05-24 · CVE-2020-1724

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Keycloak versions prior to 9.0.2
Redhat Keycloak (affected versions not specified)
Redhat Openshift Application Runtimes (affected versions not specified)
Redhat Single Sign-On (affected versions not specified)

Description
A flaw in the software allows a malicious user who is currently logged in to see the personal information of a previously logged-out user in the account manager section.

Recommendations
For Keycloak versions prior to 9.0.2, update to version 9.0.2 or later to resolve the issue. At the moment, there is no information about a newer version that contains a fix for Redhat Keycloak, Redhat Openshift Application Runtimes, and Redhat Single Sign-On.

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

CVE-2020-1724
GHSA-8XJ2-47XW-Q78C
RHSA-2020:2106
RHSA-2020:2107
RHSA-2020:2108

Affected Products

Keycloak
Red Hat Keycloak
Redhat Openshift Application Runtimes
Red Hat Single Sign-On