Lucene search

Veracode Vulnerability DatabaseVERACODE:21695

HistoryOct 15, 2019 - 12:23 a.m.

Information Disclosure

2019-10-1500:23:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

keycloak is vulnerable to information disclosure.Internal adapter endpoints in org.keycloak.constants.AdapterConstants are exposed, allowing a remote attacker to access unauthorized information by visiting a specially-crafted URL.

CPENameOperatorVersion
rh-sso7-keycloakeq2.5.15__2.Final_redhat_3.1.jbcs.el6
rh-sso7-keycloakeq3.4.6__1.Final_redhat_1.1.jbcs.el6
rh-sso7-keycloakeq2.5.5__2.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloakeq2.5.14__1.Final_redhat_1.1.jbcs.el6
rh-sso7-keycloakeq3.4.10__1.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloakeq3.4.12__1.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloakeq3.4.3__1.Final_redhat_2.1.jbcs.el7
rh-sso7-keycloakeq3.4.3__1.Final_redhat_2.1.jbcs.el6
rh-sso7-keycloakeq2.5.7__1.Final_redhat_2.1.jbcs.el6
rh-sso7-keycloakeq3.4.8__2.Final_redhat_6.1.jbcs.el6

Name	Operator	Version
rh-sso7-keycloak	eq	2.5.15__2.Final_redhat_3.1.jbcs.el6
rh-sso7-keycloak	eq	3.4.6__1.Final_redhat_1.1.jbcs.el6
rh-sso7-keycloak	eq	2.5.5__2.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloak	eq	2.5.14__1.Final_redhat_1.1.jbcs.el6
rh-sso7-keycloak	eq	3.4.10__1.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloak	eq	3.4.12__1.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloak	eq	3.4.3__1.Final_redhat_2.1.jbcs.el7
rh-sso7-keycloak	eq	3.4.3__1.Final_redhat_2.1.jbcs.el6
rh-sso7-keycloak	eq	2.5.7__1.Final_redhat_2.1.jbcs.el6
rh-sso7-keycloak	eq	3.4.8__2.Final_redhat_6.1.jbcs.el6

Rows per page:

1-10 of 481

References

access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/

access.redhat.com/errata/RHSA-2019:3044

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820

github.com/advisories/GHSA-xfqh-7356-vqjj

issues.jboss.org/browse/KEYCLOAK-11454

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for VERACODE:21695