CVE-2020-27838

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-27838
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27838.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-27838
Aliases
Published
2021-03-08T22:15:13Z
Modified
2024-09-02T22:40:17Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
[none]
Details

A flaw was found in Keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (such as the client secret) without authentication, which could be an issue if the same PUBLIC client is later changed to CONFIDENTIAL. The highest threat from this vulnerability is to data confidentiality.

References

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type
GIT
Repo
https://github.com/keycloak/keycloak
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed