CVE-2020-1717

CWE-209 | 7 documents | 6 sources
Severity: 2.7 LOW
EPSS: 0.2% (top 59.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 11
Latest update: Feb 9

Description

A flaw was found in Keycloak 7.0.1. A logged-in user can do an account email enumeration attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.2 | Impact: 1.4

Affected Packages (5 packages)

CVEListV5: keycloak/keycloak 7.0.1
NVD: redhat/keycloak 7.0.1

Vulnerability Details (3)

OSV: Generation of Error Message Containing Sensitive Information in Keycloak (2022-02-09)
GHSA: Generation of Error Message Containing Sensitive Information in Keycloak (2022-02-09)
CVEList: CVE-2020-1717: A flaw was found in Keycloak 7 (2021-02-11)

Vendor Advisories (1)

Red Hat: Keycloak: A logged in user can do an account email enumeration attack (2021-02-10)

Community (2)

Bugzilla: CVE-2020-27760 ImageMagick: division by zero at MagickCore/enhance.c (2020-11-03)
Bugzilla: CVE-2020-1717 Keycloak: A logged in user can do an account email enumeration attack (2020-01-30)