Path Traversal Vulnerability in Keycloak by Red Hat
CVE-2020-14366

6.8MEDIUM

Key Information:

Vendor: Red Hat
Status: Keycloak
Vendor: CVE Published:; 9 November 2020

Summary

A path traversal vulnerability was discovered in Keycloak, which allows attackers to exploit URL-encoded path segments to access restricted resources. This occurs due to improper transformations of the URL path to the corresponding file path at the resources endpoint. As a result, sensitive information in specific folder hierarchies may be exposed, posing a security risk to affected systems.

Affected Version(s)

keycloak before (excluding) 12.0.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 9, 2020
Vulnerability Reserved
Jun 17, 2020