Keycloak Unauthenticated Access
High severity
GitHub Reviewed
Published May 24, 2022 to the GitHub Advisory Database. Updated Aug 1, 2023.
Description
Published by the National Vulnerability Database: Oct 15, 2019
Published to the GitHub Advisory Database: May 24, 2022
Reviewed: Aug 1, 2023
Last updated: Aug 1, 2023
A flaw was found in the Keycloak REST API before version 8.0.0, implemented in Keycloak before 7.0.1, where it would permit user access from a realm the user was not configured for. An authenticated attacker with knowledge of a user ID could use this flaw to access unauthorized information or to carry out further attacks.
References