CVE-2020-14359 — Authentication Bypass by Primary Weakness in Keycloak Keycloak-gatekeeper
Severity
7.3 HIGH (NVD)
EPSS
0.3% (top 50.71%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 23
Latest update: Feb 9
Description
A vulnerability was found in all versions of Keycloak Gatekeeper: when lower-case HTTP headers are used (e.g. via cURL), an attacker can bypass the Gatekeeper. Lower-case headers are also accepted by some web servers (e.g. Jetty), so there is no protection when a Gatekeeper is placed in front of a Jetty server and lower-case headers are used.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.4
Affected packages: 2 packages
Vulnerability Details
CVE List (3)
CVE-2020-14359: A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekee (2021-02-23)
Vendor Advisories
Red Hat (1)
Community
Bugzilla (1)
CVE-2020-14359 keycloak-gatekeeper: gatekeeper bypass via cURL when using lower case HTTP headers (2020-08-13)