CVE-2020-1728

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-1728
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1728.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1728
Aliases
Related
Published
2020-04-06T14:15:12Z
Modified
2024-09-02T22:40:17Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
[none]
Details

A vulnerability was found in all versions of Keycloak where the pages in the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.

References

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type
GIT
Repo
https://github.com/keycloak/keycloak
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed