CVE-2020-14389
N/A
N/A
Summary
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | keycloak | before version 12.0.0 | affected |
Weaknesses
- CWE-916: CWE-916
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.