Lucene search
K

10 matches found

RedHat Linux
RedHat Linux
added 2026/04/02 1:54 p.m.45 views

keycloak: Keycloak: Information Disclosure via improper role enforcement in UMA 2.0 Protection API

A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...

4.3CVSS5.8AI score0.00319EPSS
Exploits0References4
OSV
OSV
added 2026/03/26 9:31 p.m.4 views

GHSA-Q35R-VVHV-VX5H Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure

A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...

4.3CVSS5.8AI score0.00319EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/26 9:31 p.m.5 views

Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure

A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...

4.3CVSS5.8AI score0.00319EPSS
Exploits0References8Affected Software3
EUVD
EUVD
added 2026/03/26 9:31 p.m.8 views

EUVD-2026-16309

A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...

4.3CVSS5.7AI score0.00319EPSS
Exploits0References3
NVD
NVD
added 2026/03/26 7:17 p.m.7 views

CVE-2026-3190

A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...

4.3CVSS0.00319EPSS
Exploits0References4
CVE
CVE
added 2026/03/26 7:12 p.m.44 views

CVE-2026-3190

CVE-2026-3190 affects Keycloak via the UMA 2.0 Protection API endpoint for permission tickets, where the required uma_protection role check is not enforced. As a result, any authenticated user with a token issued for a resource server client can enumerate all permission tickets, leading to partia...

4.3CVSS5.7AI score0.00319EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/26 7:12 p.m.23 views

CVE-2026-3190 Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api

A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...

4.3CVSS0.00319EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:12 p.m.5 views

CVE-2026-3190

A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...

4.3CVSS5.7AI score0.00319EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/26 7:12 p.m.2 views

CVE-2026-3190 Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api

A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...

4.3CVSS5.8AI score0.00319EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28428

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where the User-Managed Access UMA 2.0 Protection API endpoint for permission tickets does not properly enforce the uma protection role check. This allows any...

4.3CVSS5.9AI score0.00319EPSS
Exploits0References8
Rows per page
Query Builder