Path Traversal Vulnerability in Keycloak by Red Hat
CVE-2020-14366

6.8MEDIUM

Key Information:

Vendor
Red Hat
Status
Vendor
CVE Published:
9 November 2020

Summary

A path traversal vulnerability was discovered in Keycloak, which allows attackers to exploit URL-encoded path segments to access restricted resources. This occurs due to improper transformations of the URL path to the corresponding file path at the resources endpoint. As a result, sensitive information in specific folder hierarchies may be exposed, posing a security risk to affected systems.

Affected Version(s)

keycloak before (excluding) 12.0.0

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.