CVE-2020-27826

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-27826

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27826.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-27826

Aliases

GHSA-m9cj-v55f-8x26

Related

Published

2021-05-28T11:15:07Z

Modified

2024-09-02T22:40:17Z

Severity

4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1905089

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type: GIT
Repo: https://github.com/keycloak/keycloak
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2690229863ddbcdfa2c75e00a7a9858e2e03c6c9