Information Disclosure Vulnerability in Keycloak by Red Hat
CVE-2020-1724

4.3MEDIUM

Key Information:

Vendor: Red Hat
Status: Keycloak
Vendor: CVE Published:; 11 May 2020

Summary

A flaw in Keycloak allows a malicious user, who is currently logged in, to access the personal information of a previously logged out user within the account manager section. This vulnerability affects all Keycloak versions prior to 9.0.2, posing a substantial risk to user privacy and data security.

Affected Version(s)

keycloak All versions before 9.0.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2020
Vulnerability Reserved
Nov 27, 2019