CVE-2020-14366 – keycloak: path traversal in resources
https://notcve.org/view.php?id=CVE-2020-14366
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw Se encontró una vulnerabilidad en keycloak, donde es posible un salto de ruta usando segmentos de ruta codificados con una URL en la petición porque el endpoint de recursos aplica una transformación de la ruta de la URL a la ruta del archivo. Solo algunas jerarquías de carpetas específicas pueden ser expuestas con este fallo A flaw was found in keycloak. A path traversal, using URL-encoded path segments in a request, is possible due to transformation of the URL path to a file path at the resource endpoint. The highest threat from this vulnerability is to data confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366 https://access.redhat.com/security/cve/CVE-2020-14366 https://bugzilla.redhat.com/show_bug.cgi?id=1869764 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-10776 – keycloak: OIDC redirect_uri allows dangerous schemes resulting in potential XSS
https://notcve.org/view.php?id=CVE-2020-10776
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. Se encontró un fallo en Keycloak versiones anteriores a 12.0.0, donde es posible agregar esquemas no seguros para el parámetro redirect_uri. Este fallo permite a un atacante llevar a cabo un ataque de tipo Cross-site scripting A flaw was found in Keycloak, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. • https://bugzilla.redhat.com/show_bug.cgi?id=1847428 https://access.redhat.com/security/cve/CVE-2020-10776 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-14389 – keycloak: user can manage resources with just "view-profile" role using new Account Console
https://notcve.org/view.php?id=CVE-2020-14389
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. Se detectó que Keycloak versiones anteriores a 12.0.0, permitiría a un usuario que sólo tuviera una función de perfil de visualización administrar los recursos en la nueva consola de cuentas, permitiendo un acceso y una modificación de unos datos que el usuario no estaba destinado a tener A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission. • https://access.redhat.com/security/cve/cve-2020-14389 https://bugzilla.redhat.com/show_bug.cgi?id=1875843%2C https://access.redhat.com/security/cve/CVE-2020-14389 https://bugzilla.redhat.com/show_bug.cgi?id=1875843 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVE-2020-10758 – keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body
https://notcve.org/view.php?id=CVE-2020-10758
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body. Se encontró una vulnerabilidad en Keycloak versiones anteriores a 11.0.1, donde el ataque de DoS es posible mediante el envío de veinte peticiones simultáneamente hacia el servidor de keycloak especificado, todas con un valor de encabezado Content-Length que excede el conteo de bytes real del cuerpo de la petición A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1843849 https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251 https://access.redhat.com/security/cve/CVE-2020-10758 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-1694 – keycloak: verify-token-audience support is missing in the NodeJS adapter
https://notcve.org/view.php?id=CVE-2020-1694
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions. Se encontró un fallo en todas las versiones de Keycloak versiones anteriores a 10.0.0, donde el adaptador NodeJS no admitía la verify-token-audience. Este fallo hace que algunos usuarios tengan acceso a información confidencial fuera de sus permisos A flaw was found in Keycloak, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions. • https://bugzilla.redhat.com/show_bug.cgi?id=1790759 https://access.redhat.com/security/cve/CVE-2020-1694 • CWE-183: Permissive List of Allowed Inputs CWE-732: Incorrect Permission Assignment for Critical Resource •