Improper Access Control in Keycloak by Red Hat
CVE-2020-1718

7.1HIGH

Key Information:

Vendor: Red Hat
Status: Keycloak
Vendor: CVE Published:; 12 May 2020

Summary

A flaw in the reset credential flow of Keycloak enables attackers to potentially gain unauthorized access to sensitive application areas. This vulnerability affects all versions before 8.0.0, highlighting the importance of timely updates to mitigate such risks.

Affected Version(s)

keycloak All versions before 8.0.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2020
Vulnerability Reserved
Nov 27, 2019