GHSA-83j7-mhw9-388w – org.keycloak:keycloak-services

Package

Manager: maven
Name: org.keycloak:keycloak-services
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled) ### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references. ### Original Description A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.

Metadata

Created: 2025-07-18T15:31:57Z
Modified: 2025-07-30T13:16:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-83j7-mhw9-388w/GHSA-83j7-mhw9-388w.json
CWE IDs: ["CWE-269"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0