CVE-2020-27826

Published: 28/05/2021 Updated: 04/06/2021
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.2 | Impact Score: 2.5 | Exploitability Score: 1.6
VMScore: 436
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Vulnerability Summary

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using the Account REST API. This flaw allows a malicious user to change their own NameID attribute to impersonate the admin user for any particular application.

Vulnerability Trend

Vulnerable Product Search on Vulmon

redhat keycloak

redhat single sign-on -

redhat single sign-on 7.4

redhat single sign-on 7.4.4

Vendor Advisories

Synopsis: Low: Red Hat Single Sign-On 7.4.4 security update on RHEL 7. Type/Severity: Security Advisory: Low. Topic: New Red Hat Single Sign-On 7.4.4 packages are now available for Red Hat Enterprise Linux 7. Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak pr ...
Synopsis: Low: Red Hat Single Sign-On 7.4.4 security update on RHEL 6. Type/Severity: Security Advisory: Low. Topic: New Red Hat Single Sign-On 7.4.4 packages are now available for Red Hat Enterprise Linux 6. Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak pr ...
Synopsis: Low: Red Hat Single Sign-On 7.4.4 security update on RHEL 8. Type/Severity: Security Advisory: Low. Topic: New Red Hat Single Sign-On 7.4.4 packages are now available for Red Hat Enterprise Linux 8. Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak pr ...
Synopsis: Important: Red Hat Single Sign-On 7.4.4 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
A flaw was found in Keycloak versions prior to 12.0.0 where it is possible to update the user's metadata attributes using the Account REST API. It is now possible for any evil user to change its own NameID attribute to impersonate the admin user for any particular application ...