[MAVEN:GHSA-2CWW-FGMG-4JQC] Keycloak's admin API allows low privilege users to use administrative functions
Severity: High
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
Users holding only low privileges (plain users in the realm, with no administrative roles) are able to invoke administrative functionality of the Keycloak admin interface. This is a significant security risk: it lets unauthorized users perform actions reserved for administrators, which can lead to data breaches or compromise of the system.
Acknowledgements:
Special thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.
Package | Affected Version |
---|---|
pkg:maven/org.keycloak/keycloak-services | < 24.0.5 |
Package | Fixed Version |
---|---|
pkg:maven/org.keycloak/keycloak-services | = 24.0.5 |
- ID: MAVEN:GHSA-2CWW-FGMG-4JQC
- Severity: high
- URL: https://github.com/advisories/GHSA-2cww-fgmg-4jqc
- Published: 2024-06-11T20:22:40
- Modified: 2024-06-11T20:22:44
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.keycloak/keycloak-services | org.keycloak | keycloak-services | < 24.0.5 | | | |
Fixed | pkg:maven/org.keycloak/keycloak-services | org.keycloak | keycloak-services | = 24.0.5 | | | |
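The tables above give the affected range as `< 24.0.5` and the fix as `= 24.0.5` for the `org.keycloak:keycloak-services` artifact. The following is an added example (not code from the advisory, GitHub, or the Keycloak project) that turns that range into a check over `mvn dependency:list` style output, so a build can be flagged before it ships. Assumptions: the line shape `groupId:artifactId:type[:classifier]:version:scope` from the standard Maven dependency plugin, the usual Maven rule that a qualified build such as `24.0.5-SNAPSHOT` sorts before the plain `24.0.5` release, and plain alphabetical ordering between two different qualifiers (an approximation of Maven's full rules). The sample listing is constructed for the example and mixes several builds into one list so both outcomes appear.

```python
import re

# Package and range taken from the advisory above: affected < 24.0.5, fixed = 24.0.5
ADVISORY_PACKAGE = "org.keycloak:keycloak-services"
FIXED_VERSION = "24.0.5"


def version_key(version):
    """Split a Maven-style version into comparable segments.

    Numeric segments become (1, number, ""); qualifiers such as SNAPSHOT
    or Beta1 become (0, 0, qualifier), so a qualified build sorts before
    the plain release carrying the same numbers.
    """
    key = []
    for part in re.split(r"[.\-]", version.strip()):
        if part.isdigit():
            key.append((1, int(part), ""))
        elif part:
            key.append((0, 0, part.lower()))
    return tuple(key)


def compare_versions(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b.

    Missing trailing segments are padded with a numeric zero, so
    24.0 == 24.0.0 and 24.0.5 > 24.0.5-SNAPSHOT. Ordering between two
    different qualifiers is plain alphabetical (assumption: close enough
    to Maven's rules for a range check like this one).
    """
    ka, kb = version_key(a), version_key(b)
    pad = (1, 0, "")
    width = max(len(ka), len(kb))
    ka += (pad,) * (width - len(ka))
    kb += (pad,) * (width - len(kb))
    return (ka > kb) - (ka < kb)


def is_affected(version):
    """True when the version falls inside the advisory's affected range (< 24.0.5)."""
    return compare_versions(version, FIXED_VERSION) < 0


def parse_dependency_line(line):
    """Extract (groupId:artifactId, version) from one `mvn dependency:list` line.

    Assumed line shape: groupId:artifactId:type[:classifier]:version:scope,
    optionally prefixed with "[INFO]". Returns None for any other line.
    """
    text = line.strip()
    if text.startswith("[INFO]"):
        text = text[len("[INFO]"):].strip()
    parts = text.split(":")
    if len(parts) < 5 or " " in text:
        return None
    group, artifact, version = parts[0], parts[1], parts[-2]
    return f"{group}:{artifact}", version


def find_affected(dependency_list_output):
    """Return [(package, version)] entries that match the advisory's affected range."""
    hits = []
    for line in dependency_list_output.splitlines():
        parsed = parse_dependency_line(line)
        if parsed is None:
            continue
        package, version = parsed
        if package == ADVISORY_PACKAGE and is_affected(version):
            hits.append((package, version))
    return hits


# Constructed sample in the shape of `mvn dependency:list` output. Several
# builds are mixed into one listing so both outcomes appear; this is not
# real output from any project.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.keycloak:keycloak-services:jar:24.0.4:compile
[INFO]    org.keycloak:keycloak-core:jar:24.0.4:compile
[INFO]    org.keycloak:keycloak-services:jar:24.0.5-SNAPSHOT:compile
[INFO]    org.keycloak:keycloak-services:jar:24.0.5:compile
[INFO]    org.keycloak:keycloak-services:jar:25.0.0:compile
"""

if __name__ == "__main__":
    for package, version in find_affected(SAMPLE_DEPENDENCY_LIST):
        print(f"AFFECTED by GHSA-2cww-fgmg-4jqc: {package}:{version} (fixed in {FIXED_VERSION})")
```

Run it against the real output of `mvn dependency:list` (or `mvn dependency:tree`, after adjusting the line parser) for any project that embeds `keycloak-services`. Note that the advisory scopes the range to the Maven artifact: for a Keycloak server deployed from the binary distribution rather than built from a pom, check the server release version against 24.0.5 instead, since `keycloak-services` is the server-side module and its version tracks the Keycloak release.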