Improper authorization control for web services In org.keycloak:keycloak-services
Description
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 maven | 26.5.0 |
Aliases
1. 2. 3. 4. 5. 6. 7.
References
1. 2.