CVE-2019-14832
published 2019-10-15CVE-2019-14832: A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated…
high7.5CVSS 3.1
AVNACHPRLUINSUCHIHAH
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| keycloak | keycloak_rest_api | — | — |
| keycloak | keycloak_rest_api | — | — |
| redhat | keycloak | < 7.0.1 | 7.0.1 |