Lucene search
Veracode Vulnerability DatabaseVERACODE:36829HistoryAug 29, 2022 - 6:58 a.m.
Information Disclosure
2022-08-2906:58:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
keycloak
information disclosure
vulnerability
crafted request
0.001 Low
EPSS
Percentile
34.9%
org.keycloak:keycloak-services is vulnerable to information disclosure. A remote authenticated attacker is able to gain access to restricted resources by sending a crafted request with a relative path from an external HTTP client. The malicious client will receive the content of the requested random files if available, due to the insufficient validations in getResourceAsStream and getResourceAsStream functions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| keycloak rest services | le | 15.0.2 | |
| keycloak rest services | le | 15.0.2 |
Related
github
github
Keycloak has Files or Directories Accessible to External Parties
2022-08-27 00:00:45
prion
prion
Design/Logic Flaw
2022-08-26 16:15:00
osv
osv
CVE-2021-3856
2022-08-26 16:15:09
Keycloak has Files or Directories Accessible to External Parties
2022-08-27 00:00:45
nvd
nvd
CVE-2021-3856
2022-08-26 16:15:09
redhatcve
redhatcve
CVE-2021-3856
2021-10-04 14:39:02
cvelist
cvelist
CVE-2021-3856
2022-08-26 15:25:39
cve
cve
CVE-2021-3856
2022-08-26 16:15:09