CVE-2019-10169
Keycloak UMA policy abuse (CVE-2019-10169) allows an authenticated attacker with User-Managed Access (UMA) permissions to set a malicious script in a UMA policy, causing code to execute with the permissions of the user running the application. The core issue is a script in UMA policy configuration ...