Fluid Attacks Database

Description

Improper privilege management in Keycloak A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	keycloak-connect	>=0 <12.0.0	12.0.0
maven	org.keycloak:keycloak-services	>=0 <12.0.0	12.0.0
maven	org.keycloak:keycloak-core	>=0 <12.0.0	12.0.0
maven	org.keycloak:keycloak-server-spi-private	>=0 <12.0.0	12.0.0
maven	org.keycloak:keycloak-model-jpa	>=0 <12.0.0	12.0.0
maven	org.keycloak:keycloak-wildfly-server-subsystem	>=0 <12.0.0	12.0.0

Aliases

1. CVE-2020-143892. NVD-2020-143893. OSV-2020-143894. GCVE-2020-143895. ACCESS-cve-2020-14389

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.