Improper privilege management in Keycloak

GHSA-c9x9-xv66-xp3v · CVE-2020-14389

Published Nov 10, 2021 · Modified Nov 8, 2023

Description

A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-14389
WEB https://access.redhat.com/security/cve/cve-2020-14389

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes