CVE-2020-1718 — Improper Authentication in Redhat Keycloak

CWE-287 — Improper Authentication7 documents6 sources

Severity

8.8HIGHNVD

CNA7.1

EPSS

0.4%

top 41.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Keycloak RED HAT Keycloak Redhat Jboss Fuse

Timeline

PublishedMay 12

Latest updateFeb 9

Description

A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDredhat/keycloak< 8.0.0

▶CVEListV5red_hat/keycloakAll versions before 8.0.0

▶NVDredhat/jboss_fuse7.0.0

🔴Vulnerability Details

OSV

Improper Authentication for Keycloak↗2022-02-09

▶

GHSA

Improper Authentication for Keycloak↗2022-02-09

▶

CVEList

CVE-2020-1718: A flaw was found in the reset credential flow in all Keycloak versions before 8↗2020-05-12

▶

📋Vendor Advisories

Red Hat

keycloak: security issue on reset credential flow↗2020-05-12

▶

💬Community

Bugzilla

CVE-2020-27763 ImageMagick: division by zero at MagickCore/resize.c↗2020-11-04

▶

Bugzilla

CVE-2020-1718 keycloak: security issue on reset credential flow↗2020-01-31

▶