CVE-2020-1698

Summary

A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.

Affected Software

VendorProductVersion RangeStatus
Red HatkeycloakAll versions before 9.0.0affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

References