It was found that Keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially crafted URL. This vulnerability could allow a malicious user to access unauthorized information.
Vulnerable Product |
---|
redhat keycloak |
redhat single sign-on 7.3 |
redhat jboss enterprise application platform 6.4.0 |
redhat jboss enterprise application platform 7.2.0 |
redhat jboss fuse 7.0.0 |