CVE-2020-27826 — Execution with Unnecessary Privileges in Redhat Keycloak

CWE-250 — Execution with Unnecessary Privileges5 documents5 sources

Severity

4.2MEDIUMNVD

EPSS

0.2%

top 62.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Keycloak Redhat Single Sign-on

Timeline

PublishedMay 28

Latest updateMar 18

Description

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages3 packages

▶NVDredhat/keycloak< 12.0.0

▶CVEListV5redhat/keycloakkeycloak 12.0.0

▶NVDredhat/single_sign-on7.4, 7.4.4+1

🔴Vulnerability Details

OSV

Authentication Bypass in keycloak↗2022-03-18

▶

GHSA

Authentication Bypass in keycloak↗2022-03-18

▶

CVEList

CVE-2020-27826: A flaw was found in Keycloak before version 12↗2021-05-28

▶

📋Vendor Advisories

Red Hat

keycloak: Account REST API can update user metadata attributes↗2020-12-07

▶