VDB
CVE-2019-14832
CVE-2019-14832
PUBLISHED
CVSS 5 MEDIUM
Reported by redhat · Published October 15, 2019
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
Risk Scores
CVSS 3.0
5
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| keycloak | keycloak REST API | before version 8.0.0, fixed in 8.0.0 |
| Maven | org.keycloak:keycloak-model-jpa | 0, 0, 0 |
| keycloak | keycloak REST API | fixed in 8.0.0, before version 8.0.0, 8.0.0 |
| npm | keycloak-connect | 0, 0, 0 |
| Maven | org.keycloak:keycloak-model-infinispan | 0, 0, 0 |
Timeline
- Oct 15, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score