Lucene search
RedhatCVELIST:CVE-2020-27826HistoryMay 28, 2021 - 10:20 a.m.
CVE-2020-27826
2021-05-2810:20:30
CWE-250
redhat
www.cve.org
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user’s metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.
CNA Affected
[
{
"product": "keycloak",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "keycloak 12.0.0"
}
]
}
]Related
redhat
redhat
(RHSA-2020:5526) Low: Red Hat Single Sign-On 7.4.4 security update on RHEL 6
2020-12-15 16:52:18
(RHSA-2020:5527) Low: Red Hat Single Sign-On 7.4.4 security update on RHEL 7
2020-12-15 16:52:26
(RHSA-2020:5528) Low: Red Hat Single Sign-On 7.4.4 security update on RHEL 8
2020-12-15 16:52:33
osv
osv
Authentication Bypass in keycloak
2022-03-18 17:55:26
CVE-2020-27826
2021-05-28 11:15:07
github
github
Authentication Bypass in keycloak
2022-03-18 17:55:26
nessus
nessus
veracode
veracode
Privilege Escalation
2020-12-19 05:51:29
redhatcve
redhatcve
CVE-2020-27826
2020-12-07 17:29:54
cve
cve
CVE-2020-27826
2021-05-28 11:15:07
prion
prion
Design/Logic Flaw
2021-05-28 11:15:00
nvd
nvd
CVE-2020-27826
2021-05-28 11:15:07