15 matches found
keycloak-services: Keycloak Admin REST API: Improper Access Control leads to sensitive role metadata information disclosure
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...
Information Disclosure
org.keycloak, keycloak-services is vulnerable to information disclosure. The vulnerability is due to insufficient authorization checks on the /admin/realms/realm/roles endpoint, which allows an attacker to access and disclose sensitive role metadata without proper permissions...
Access Control Bypass
Overview: org.keycloak:keycloak-model-infinispan is a part of the Keycloak project. Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks on the /admin/realms/realm/roles endpoint. A remote authenticated attacker with high privileges can...
Access Control Bypass
Overview: org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks on the /admin/realms/realm/roles...
GHSA-6Q37-7866-H27J Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...
EUVD-2025-202403
Keycloak Admin REST Representational State Transfer API does not properly enforce permissions...
CVE-2025-14082
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...
CVE-2025-14082
The CVE-2025-14082 issue affects Keycloak’s Admin REST API. Affected component: Keycloak Admin REST endpoints; root cause: insufficient authorization checks on the /admin/realms/{realm}/roles endpoint allow an attacker with high privileges to access sensitive role metadata. Impact: information di...
CVE-2025-14082 Keycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosure
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...
CVE-2025-14082 Keycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosure
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...
CVE-2025-14082
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint. Mitigation: Mitigation for this issue is either not available or...
PT-2025-50313
A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...
Keycloak Access Control Error Vulnerability
Keycloak is an open source identity and access management solution from Keycloak Open Source. Keycloak suffers from an Access Control Error vulnerability that stems from insufficient authorization checks and could lead to the disclosure of sensitive role metadata...
EUVD-2021-2252
Malware in sbrugna...