CVE-2020-14389
published 2020-11-17CVE-2020-14389: It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing…
high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | < 12.0.0 | 12.0.0 |
| redhat | keycloak | — | — |