CVE-2020-1725

CVSS v3.1 5.4 (Medium)

CVSS v2.0 5.5 (Medium)

EPSS 0.05 % (24^th)

Affected Products 1

Advisories 1

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.

Weaknesses

CWE-863: Incorrect Authorization

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2021-01-28 20:15:12
(3 years ago)
Updated Date: 2021-03-31 12:50:42
(3 years ago)

Affected Products

Redhat

Keycloak

Configuration #1

		CPE23	From	Up To
	Redhat Keycloak prior 13.0.0 version	cpe:2.3:a:redhat:keycloak		< 13.0.0