CVE-2020-27838

Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 13.0.0

Description: A flaw was found in the client registration endpoint, allowing it to fetch information about PUBLIC clients, such as client secrets, without authentication. This could be an issue if the same PUBLIC client is later changed to CONFIDENTIAL, posing a threat to data confidentiality.

Recommendations: For versions prior to 13.0.0, update to version 13.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the client registration endpoint to minimize the risk of exploitation.