Lucene search
K

12 matches found

RedHat Linux
RedHat Linux
added 2026/05/20 11:23 a.m.10 views

keycloak: org.keycloak.services: Keycloak: Information Disclosure via evaluate-scopes Admin API

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/19 12:31 p.m.9 views

Keycloak: Information Disclosure via evaluate-scopes Admin API

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/05/19 12:31 p.m.5 views

GHSA-RRV7-3MQF-HXFR Keycloak: Information Disclosure via evaluate-scopes Admin API

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References8
NVD
NVD
added 2026/05/19 12:16 p.m.14 views

CVE-2026-37978

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS0.00398EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/19 10:52 a.m.9 views

CVE-2026-37978

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References5
CVE
CVE
added 2026/05/19 10:52 a.m.38 views

CVE-2026-37978

Keycloak CVE-2026-37978 involves an information disclosure via the evaluate-scopes Admin API. A low-privilege administrator with the 'view-clients' role can invoke evaluate-scopes using an arbitrary userId, enabling cross-role PII leakage across the realm. The vulnerability is exploitable remotel...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/19 10:52 a.m.44 views

CVE-2026-37978 Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admin api

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS0.00398EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/19 10:52 a.m.10 views

CVE-2026-37978 Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admin api

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 10:52 a.m.14 views

EUVD-2026-30882

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/19 10:47 a.m.11 views

CVE-2026-37978

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.8AI score0.00398EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from low-privilege administrators with the view-clients role being able to exploit the evaluate-scopes management API endpoint by passing arbitrary...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.11 views

PT-2026-41869

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the Admin API allows a low-privilege administrator with the 'view-clients' role to cause cross-role personally identifiable information PII leakage. By invoking the 'evaluate-scope...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References6
Rows per page
Query Builder