Keycloak Security Vulnerabilities and Issues — Keycloak CVE List

Lucene search

RedhatKeycloak

3 matches found

CVE•added 2021/05/28 11:15 a.m.•158 views

CVE-2020-27826

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.

4.9CVSS3.9AI score0.00166EPSS

CVE•added 2021/05/28 11:15 a.m.•115 views

CVE-2021-20195

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is...

9.6CVSS8.7AI score0.00305EPSS

CVE•added 2021/05/12 3:15 p.m.•102 views

CVE-2021-20202

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to...

7.3CVSS6.9AI score0.00046EPSS