3 matches found
Information Disclosure
org.keycloak, keycloak-services is vulnerable to information disclosure. The vulnerability is due to insufficient authorization checks on the /admin/realms/realm/roles endpoint, which allows an attacker to access and disclose sensitive role metadata without proper permissions...
Access Control Bypass
Overview org.keycloak:keycloak-authz-policy-common is a KeyCloak AuthZ: Common Policy Providers Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks on the /admin/realms/realm/roles endpoint. A remote authenticated attacker with...
Access Control Bypass
Overview org.keycloak:keycloak-model-infinispan is a part of the keycloak project. Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks on the /admin/realms/realm/roles endpoint. A remote authenticated attacker with high-privileges can...