Path Traversal Vulnerability in Keycloak by Red Hat
CVE-2020-14366
6.8MEDIUM
Summary
A path traversal vulnerability was discovered in Keycloak, which allows attackers to exploit URL-encoded path segments to access restricted resources. This occurs due to improper transformations of the URL path to the corresponding file path at the resources endpoint. As a result, sensitive information in specific folder hierarchies may be exposed, posing a security risk to affected systems.
Affected Version(s)
keycloak before (excluding) 12.0.0
References
CVSS V3.1
Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved