CVE-2020-14366
Published 2020-11-09
High 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
A vulnerability was found in Keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | keycloak | — | — |
| redhat | keycloak | < 12.0.0 | 12.0.0 |