Vulnerability Description
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
CVSS Score
7.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Fuse | 7.0.0 |
| Redhat | Keycloak | < 8.0.0 |
| Redhat | Openshift Application Runtimes | - |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718Issue TrackingVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718Issue TrackingVendor Advisory
FAQ
What is CVE-2020-1718?
CVE-2020-1718 is a vulnerability with a CVSS score of 7.1 (HIGH). A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
How severe is CVE-2020-1718?
CVE-2020-1718 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1718?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Fuse, Redhat Keycloak, Redhat Openshift Application Runtimes.