Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wY3Y1LW0yd2gtNjZqM84AAnvw
Keycloak discloses information without authentication
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
Permalink: https://github.com/advisories/GHSA-pcv5-m2wh-66j3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wY3Y1LW0yd2gtNjZqM84AAnvw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 14 days ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Identifiers: GHSA-pcv5-m2wh-66j3, CVE-2020-27838
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-27838
- https://bugzilla.redhat.com/show_bug.cgi?id=1906797
- https://github.com/keycloak/keycloak/pull/7790
- https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c
- https://github.com/advisories/GHSA-pcv5-m2wh-66j3
Blast Radius: 19.9
Affected Packages
maven:org.keycloak:keycloak-core
Dependent packages: 376Dependent repositories: 1,153
Downloads:
Affected Version Ranges: < 13.0.0
Fixed in: 13.0.0
All affected versions: 5.0.0, 6.0.0, 6.0.1, 7.0.0, 7.0.1, 8.0.0, 8.0.1, 8.0.2, 9.0.0, 9.0.2, 9.0.3, 10.0.0, 10.0.1, 10.0.2, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4
All unaffected versions: 13.0.0, 13.0.1, 14.0.0, 15.0.0, 15.0.1, 15.0.2, 15.1.0, 15.1.1, 16.0.0, 16.1.0, 16.1.1, 17.0.0, 17.0.1, 18.0.0, 18.0.1, 18.0.2, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 20.0.4, 20.0.5, 21.0.0, 21.0.1, 21.0.2, 21.1.0, 21.1.1, 21.1.2, 22.0.0, 22.0.1, 22.0.2, 22.0.3, 22.0.4, 22.0.5, 23.0.0, 23.0.1, 23.0.2, 23.0.3