CVE-2019-14832
5
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| keycloak | keycloak REST API | before version 8.0.0 | affected |
| keycloak | keycloak REST API | fixed in 8.0.0 | affected |
Weaknesses
- CWE-863: CWE-863
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.