CVE-2019-14832

HIGH7.5EPSS 0.38%

Keycloak Unauthenticated Access

Published: 5/24/2022Modified: 2/16/2024

Description

A flaw was found in the Keycloak REST API before version 8.0.0, implemented in Keycloak before 7.0.1 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.

Affected packages (2)

Maven/org.keycloak:keycloak-model-infinispanfrom 0, < 7.0.1
Maven/org.keycloak:keycloak-model-jpafrom 0, < 7.0.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-14832
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14832
WEBhttps://github.com/keycloak/keycloak/commit/0b73685ccf3181115ae3936a578708630215ac23