CVE-2016-8629

CVE-2016-8629

Vendor Red Hat, Inc.

Product Keycloak

Weakness CWE-284

Published March 12, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.

Key dates

02Disclosure timeline

March 12, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2016-8629

Related vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE