Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added 2026/06/25 6:47 p.m.6 views

keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 5:17 p.m.8 views

CVE-2026-9083

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS0.00519EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/25 4:17 p.m.32 views

CVE-2026-9083 Keycloak: keycloak: information disclosure through arbitrary filesystem path probing

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS0.00519EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 4:17 p.m.6 views

EUVD-2026-39476

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/25 4:17 p.m.7 views

CVE-2026-9083 Keycloak: keycloak: information disclosure through arbitrary filesystem path probing

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/25 4:1 p.m.5 views

CVE-2026-9083

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52505

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A realm administrator with the manage-realm role can probe arbitrary filesystem paths by submitting an arbitrary path as a keystore parameter during the creation of a key provider component...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/08 11:44 a.m.54 views

CVE-2026-11577

...

0.00329EPSS
Exploits0
CVE
CVE
added 2026/05/28 3:49 a.m.36 views

CVE-2026-9795

The CVE-2026-9795 entries describe a flaw in Keycloak's Fine-Grained Admin Permissions (FGAPv2). An administrator with limited client-management perms can assign any realm role to a client's scope mapping, bypassing controls, causing the injected role to appear in a user’s authentication token an...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:49 a.m.10 views

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.18 views

PT-2026-44186

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can assign any realm role, including highly privileged ones, t...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References15
Rows per page
Query Builder