0.001 Low
EPSS
Percentile
23.0%
It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.
bugzilla.redhat.com/show_bug.cgi?id=1649870
nvd.nist.gov/vuln/detail/CVE-2019-14820
www.cve.org/CVERecord?id=CVE-2019-14820