Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatKeycloak

3 matches found

CVE
CVEadded 2020/11/17 2:15 a.m.144 views

CVE-2020-14389

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.

8.1CVSS7.7AI score0.00148EPSS
CVE
CVEadded 2020/11/17 2:15 a.m.128 views

CVE-2020-10776

A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.

4.8CVSS4.6AI score0.00271EPSS
CVE
CVEadded 2020/11/09 5:15 p.m.102 views

CVE-2020-14366

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw

7.5CVSS7.3AI score0.00384EPSS