EPSS
Percentile
22.7%
keycloak is vulnerable to information disclosure.Internal adapter endpoints in org.keycloak.constants.AdapterConstants are exposed, allowing a remote attacker to access unauthorized information by visiting a specially-crafted URL.
org.keycloak.constants.AdapterConstants
access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/
access.redhat.com/errata/RHSA-2019:3044
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820
github.com/advisories/GHSA-xfqh-7356-vqjj
issues.jboss.org/browse/KEYCLOAK-11454