Keycloak Insufficient Session Expiry

GHSA-8xj2-47xw-q78c · CVE-2020-1724

Published May 24, 2022 · Modified Apr 23, 2024

Description

A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-1724
WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724
PACKAGE https://github.com/keycloak/keycloak

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes