Vulnerability Description
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Keycloak | < 8.0.0 |
| Redhat | Single Sign-On | 7.3 |
| Redhat | Jboss Enterprise Application Platform | 6.4.0 |
| Redhat | Jboss Fuse | 7.0.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820Issue TrackingPatchThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2019-14820?
CVE-2019-14820 is a vulnerability with a CVSS score of 4.3 (MEDIUM). It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability coul...
How severe is CVE-2019-14820?
CVE-2019-14820 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14820?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Keycloak, Redhat Single Sign-On, Redhat Jboss Enterprise Application Platform, Redhat Jboss Fuse.