Name of the Vulnerable Software and Affected Versions:

Keycloak (affected versions not specified)

Description:

A path traversal flaw exists in Keycloak’s vault key handling on Windows. A previous fix for a related issue did not account for the Windows file separator (), allowing a high-privilege administrator to probe for files outside the expected realm context through crafted vault secret lookups. This is a platform-specific variant of a previously identified issue.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.