2 matches found
Information Disclosure
keycloak is vulnerable to information disclosure.Internal adapter endpoints in org.keycloak.constants.AdapterConstants are exposed, allowing a remote attacker to access unauthorized information by visiting a specially-crafted URL...
keycloak: adapter endpoints are exposed via arbitrary URLs
It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...