CVE-2020-1694
published 2020-09-16CVE-2020-1694: A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users…
medium4.9CVSS 3.1
AVNACLPRHUINSUCHINAN
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | < 10.0.0 | 10.0.0 |
| redhat | keycloak | — | — |