CVE-2020-1725: Incorrect Authorization in Redhat Keycloak

Severity: 5.4 MEDIUM (NVD)
EPSS: 0.1% (top 69.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published Jan 28; latest update Feb 9

Description

A flaw was found in Keycloak before version 13.0.0. In some scenarios a user still has access to a resource after their role mappings have been changed in Keycloak, even after the previously issued access token has expired.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (2 packages)

NVD: redhat/keycloak < 13.0.0
CVEListV5: redhat/keycloak (keycloak 13.0.0)

Vulnerability Details (3)

OSV: Incorrect Authorization in keycloak (2022-02-09)
GHSA: Incorrect Authorization in keycloak (2022-02-09)
CVEList: CVE-2020-1725: A flaw was found in keycloak before version 13 (2021-01-28)

Vendor Advisories (1)

Red Hat: keycloak-gatekeeper: improper usage of parsed claims for authorization leads to improper resource access (2021-01-19)

Community (3)

Bugzilla: CVE-2020-27756 ImageMagick: division by zero at MagickCore/geometry.c (2020-11-03)
Bugzilla: CVE-2020-2111 jenkins-subversion-plugin: XSS in project repository base url (2020-03-31)
Bugzilla: CVE-2020-1725 keycloak-gatekeeper: improper usage of parsed claims for authorization leads to improper resource access (2019-10-24)