Improper Access Control in Keycloak by Red Hat
CVE-2020-1718
7.1HIGH
Summary
A flaw in the reset credential flow of Keycloak enables attackers to potentially gain unauthorized access to sensitive application areas. This vulnerability affects all versions before 8.0.0, highlighting the importance of timely updates to mitigate such risks.
Affected Version(s)
keycloak All versions before 8.0.0
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved