CVE-2020-27838

EPSS 17.9%CWE-287

Vexday Risk Score

23Bajo

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS —EPSS 17.9%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

08 mar 2021Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.

Productos afectados

n/a · keycloak

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://bugzilla.redhat.com/show_bug.cgi?id=1906797