Improper Access Control in Keycloak by Red Hat
CVE-2020-1718

7.1HIGH

Key Information:

Vendor
Red Hat
Status
Vendor
CVE Published:
12 May 2020

Summary

A flaw in the reset credential flow of Keycloak enables attackers to potentially gain unauthorized access to sensitive application areas. This vulnerability affects all versions before 8.0.0, highlighting the importance of timely updates to mitigate such risks.

Affected Version(s)

keycloak All versions before 8.0.0

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.