CVE-2016-8629
N/A
N/A
Summary
Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat, Inc. | Keycloak | 2.4.0 | affected |
Weaknesses
- CWE-284: CWE-284
ADP Enrichment
CVE Program Container
Additional References
- http://rhn.redhat.com/errata/RHSA-2017-0876.html
- http://www.securitytracker.com/id/1038180
- https://bugzilla.redhat.com/show_bug.cgi?id=1388988
- http://www.securityfocus.com/bid/97392
- https://access.redhat.com/errata/RHSA-2017:0873
- https://access.redhat.com/errata/RHSA-2017:0872
References
- http://rhn.redhat.com/errata/RHSA-2017-0876.html
- http://www.securitytracker.com/id/1038180
- https://bugzilla.redhat.com/show_bug.cgi?id=1388988
- http://www.securityfocus.com/bid/97392
- https://access.redhat.com/errata/RHSA-2017:0873
- https://access.redhat.com/errata/RHSA-2017:0872
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.