CVE-2019-14832

Summary

A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.

Affected Software

VendorProductVersion RangeStatus
keycloakkeycloak REST APIbefore version 8.0.0affected
keycloakkeycloak REST APIfixed in 8.0.0affected

Weaknesses

  • CWE-863: CWE-863

ADP Enrichment

CVE Program Container

Additional References

References