Lucene search
K

58 matches found

RedHat Linux
RedHat Linux
added 2026/04/02 1:54 p.m.6 views

org.keycloak.services.resources.admin.UserResource: Keycloak: Information disclosure of disabled user attributes via administrative endpoint

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

2.7CVSS5.8AI score0.00332EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/11 6:31 a.m.3 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the...

6.9CVSS5.8AI score0.00332EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 6:31 a.m.4 views

EUVD-2026-11107

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

2.7CVSS5.7AI score0.00332EPSS
Exploits0References3
OSV
OSV
added 2026/03/11 6:31 a.m.10 views

GHSA-XH32-C9WX-PHRP Keycloak: Information disclosure of disabled user attributes via administrative endpoint

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

2.7CVSS5.8AI score0.00332EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/03/11 6:31 a.m.5 views

Keycloak: Information disclosure of disabled user attributes via administrative endpoint

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

2.7CVSS5.7AI score0.00332EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2026/03/11 6:17 a.m.10 views

CVE-2026-3911

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

2.7CVSS0.00332EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/11 5:36 a.m.3 views

CVE-2026-3911 Org.keycloak.services.resources.admin.userresource: keycloak: information disclosure of disabled user attributes via administrative endpoint

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

2.7CVSS5.7AI score0.00332EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 5:36 a.m.27 views

CVE-2026-3911 Org.keycloak.services.resources.admin.userresource: keycloak: information disclosure of disabled user attributes via administrative endpoint

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

2.7CVSS0.00332EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/11 5:36 a.m.5 views

EUVD-2026-11108

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

2.7CVSS5.7AI score0.00332EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 5:36 a.m.2 views

CVE-2026-3911

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

2.7CVSS5.8AI score0.00332EPSS
Exploits0References5
CVE
CVE
added 2026/03/11 5:36 a.m.23 views

CVE-2026-3911

CVE-2026-3911 describes an information-disclosure flaw in Keycloak. An authenticated user with the view-users role can access a specific administrative endpoint in the UserResource component and retrieve user attributes configured as hidden, exposing sensitive data. The published CVSS v3.1 score ...

2.7CVSS5.7AI score0.00332EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/11 5:36 a.m.3 views

CVE-2026-3911

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

2.7CVSS5.6AI score0.00332EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24583

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An issue exists in Keycloak where an authenticated user possessing the view-users role can access and retrieve user attributes intended to be hidden. This occurs through exploitation of a fl...

2.7CVSS5.8AI score0.00332EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.6 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak, which stems from a flaw in the UserResource component. This vulnerability could allow authenticated users with the view-users role to improperly retrieve user...

2.7CVSS5.8AI score0.00332EPSS
Exploits0References3
OSV
OSV
added 2026/03/01 1:30 a.m.3 views

GHSA-W878-F8C6-7R63 Statamic's missing authorization allows access to email addresses

Impact User email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the “view users” permission. Patches This has been fixed in 5.73.11 and 6.4.0...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References5
NVD
NVD
added 2026/02/27 11:16 p.m.14 views

CVE-2026-28424

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...

6.5CVSS0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/27 10:14 p.m.3 views

CVE-2026-28424 Statamic's missing authorization allows access to email addresses

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/27 10:14 p.m.5 views

EUVD-2026-9093

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 10:14 p.m.18 views

CVE-2026-28424

Statamic CMS contains a medium-severity exposure where email addresses were returned by the user fieldtype data endpoint for control panel users lacking the view users permission. Affected versions are prior to 5.73.11 and 6.4.0. The issue has been fixed in 5.73.11 and 6.4.0. The CVSS vector indi...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/27 10:14 p.m.25 views

CVE-2026-28424 Statamic's missing authorization allows access to email addresses

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...

6.5CVSS0.00231EPSS
Exploits0References3
Rows per page
Query Builder