Lucene search
GoogleOSV:CVE-2020-27826HistoryMay 28, 2021 - 11:15 a.m.
CVE-2020-27826
2021-05-2811:15:07
Google
osv.dev
10
keycloak
flaw
unauthorized access
user metadata
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user’s metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.
Related
redhat
redhat
(RHSA-2020:5526) Low: Red Hat Single Sign-On 7.4.4 security update on RHEL 6
2020-12-15 16:52:18
(RHSA-2020:5527) Low: Red Hat Single Sign-On 7.4.4 security update on RHEL 7
2020-12-15 16:52:26
(RHSA-2020:5528) Low: Red Hat Single Sign-On 7.4.4 security update on RHEL 8
2020-12-15 16:52:33
osv
osv
Authentication Bypass in keycloak
2022-03-18 17:55:26
github
github
Authentication Bypass in keycloak
2022-03-18 17:55:26
nessus
nessus
veracode
veracode
Privilege Escalation
2020-12-19 05:51:29
redhatcve
redhatcve
CVE-2020-27826
2020-12-07 17:29:54
prion
prion
Design/Logic Flaw
2021-05-28 11:15:00
cvelist
cvelist
CVE-2020-27826
2021-05-28 10:20:30
cve
cve
CVE-2020-27826
2021-05-28 11:15:07
nvd
nvd
CVE-2020-27826
2021-05-28 11:15:07