Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-2CWW-FGMG-4JQC
HistoryJun 11, 2024 - 8:22 p.m.

Keycloak's admin API allows low privilege users to use administrative functions

2024-06-1120:22:40
Google
osv.dev
9
keycloak
admin interface
low privilege
unauthorized access
data breach
system compromise
security risk
administrative functionalities

7.2 High

AI Score

Confidence

Low

JSON

Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

Acknowledgements:
Special thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.

Related

veracode 1
github 1
osv 1
nessus 1
veracode
veracode
Improper Privilege Management
2024-06-18 09:51:50
github
github
Keycloak's admin API allows low privilege users to use administrative functions
2024-06-11 20:22:40
osv
osv
CGA-4qmx-6685-qc88
2024-06-19 07:35:15
nessus
nessus
Keycloak < 24.0.5 Unauthorized Access (CVE-2024-3656)
2024-06-14 00:00:00

7.2 High

AI Score

Confidence

Low

JSON
Related for OSV:GHSA-2CWW-FGMG-4JQC
veracode1github1osv1nessus1