8 matches found
Information Disclosure
org.keycloak, keycloak-services is vulnerable to information disclosure. The vulnerability is due to insufficient authorization checks on the /admin/realms/realm/roles endpoint, which allows an attacker to access and disclose sensitive role metadata without proper permissions...
Access Control Bypass
Overview: org.keycloak:keycloak-model-infinispan is a part of the keycloak project. Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks on the /admin/realms/realm/roles endpoint. A remote authenticated attacker with high privileges can...
Access Control Bypass
Overview: org.keycloak:keycloak-authz-policy-common is a KeyCloak AuthZ: Common Policy Providers. Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks on the /admin/realms/realm/roles endpoint. A remote authenticated attacker with...
CVE-2025-14082
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...
CVE-2025-14082
The CVE-2025-14082 issue affects Keycloak’s Admin REST API. Affected component: Keycloak Admin REST endpoints; root cause: insufficient authorization checks on the /admin/realms/{realm}/roles endpoint allow an attacker with high privileges to access sensitive role metadata. Impact: information di...
CVE-2025-14082 Keycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosure
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...
CVE-2025-14082 Keycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosure
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...
PT-2025-50313
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...