logo

Database

Authentication mechanism absence or evasion In org.keycloak:keycloak-model-infinispan

Description

Keycloak Unauthenticated Access A flaw was found in the Keycloak REST API before version 8.0.0, implemented in Keycloak before 7.0.1 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-148322. NVD-2019-148323. OSV-2019-148324. GCVE-2019-148325. bugzilla.redhat.com

References

1. https://github.com/keycloak/keycloak/commit/0b73685ccf3181115ae3936a578708630215ac232. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14832

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.