CVE-2020-14389

HIGH8.1EPSS 0.15%

Improper privilege management in Keycloak

Published: 11/10/2021Modified: 11/8/2023

Description

A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.

Affected packages (1)

Maven/org.keycloak:keycloak-corefrom 0, < 12.0.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-14389
WEBhttps://access.redhat.com/security/cve/cve-2020-14389