CVE-2020-1694
N/A
N/A
Summary
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | keycloak | all versions before 10.0.0 | affected |
Weaknesses
- CWE-183: CWE-183
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.