CVE-2019-10170 MEDIUM

Vendor [Unknown]
Product keycloak
Weakness CWE-267
Published May 8, 2020
Last update August 4, 2024

CVSS base score

6.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an authenticated attacker with realm management permissions to configure a malicious script that triggers and executes arbitrary code with the permissions of the application user.

Key dates

02 Disclosure timeline

May 8, 2020 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04 Related CVE