logo

Database

Excessive privileges - Wildcards In org.keycloak:keycloak-authz-client

Description

Keycloak code execution via UMA policy abuse A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-101692. NVD-2019-101693. OSV-2019-101694. GCVE-2019-101695. bugzilla.redhat.com

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10169

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.