4 matches found
CVE-2019-10169
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running...
Design/Logic Flaw
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running...
CVE-2019-10169
Keycloak UMA policy abuse (CVE-2019-10169) enables an authenticated attacker with UMA permissions to set a malicious script in the user-managed access policy, triggering execution of code with the permissions of the running application user. The core issue is a script in UMA policy configuration ...
CVE-2019-10169
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running...