Lucene search
RedhatCVELIST:CVE-2020-27838HistoryMar 08, 2021 - 9:41 p.m.
CVE-2020-27838
2021-03-0821:41:27
CWE-287
redhat
www.cve.org
7
keycloak
vulnerability
data confidentiality
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
CNA Affected
[
{
"product": "keycloak",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "keycloak 13.0.0"
}
]
}
]Related
prion
prion
Authentication flaw
2021-03-08 22:15:00
cve
cve
CVE-2020-27838
2021-03-08 22:15:13
nvd
nvd
CVE-2020-27838
2021-03-08 22:15:13
osv
osv
Keycloak discloses information without authentication
2022-05-24 17:43:50
CVE-2020-27838
2021-03-08 22:15:13
nuclei
nuclei
KeyCloak - Information Exposure
2024-01-16 09:57:16
github
github
Keycloak discloses information without authentication
2022-05-24 17:43:50
redhatcve
redhatcve
CVE-2020-27838
2020-12-11 17:56:50
archlinux
archlinux
[ASA-202105-6] keycloak: multiple issues
2021-05-19 00:00:00