CVE-2019-14832: Incorrect Authorization in Redhat Keycloak

Severity: 7.5 HIGH (NVD)
EPSS: 0.4% (top 40.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 15, 2019; latest update May 24, 2022

Description

A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm in which the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: keycloak/keycloak_rest_api, before version 8.0.0, fixed in 8.0.0+1
NVD: redhat/keycloak < 7.0.1

🔴 Vulnerability Details (3)

GHSA: Keycloak Unauthenticated Access (2022-05-24)
OSV: Keycloak Unauthenticated Access (2022-05-24)
CVEList: CVE-2019-14832: A flaw was found in the Keycloak REST API before version 8... (2019-10-15)

📋 Vendor Advisories (1)

Red Hat: keycloak: cross-realm user access auth bypass (2019-10-14)

💬 Community (1)

Bugzilla: CVE-2019-14832 keycloak: cross-realm user access auth bypass (2019-09-05)

Source: cvebase, CVE-2019-14832: Incorrect Authorization in Redhat