CVE-2020-14366 MEDIUM

Vendor Red Hat
Product keycloak
Weakness CWE-22 · Path traversal
Published November 9, 2020
Last update August 4, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Changed
Confidentiality High
Integrity None
Availability None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

A vulnerability was found in Keycloak where path traversal using URL-encoded path segments in the request is possible, because the resources endpoint maps the URL path directly onto a file path. A ".." segment that arrives URL-encoded (for example as %2e%2e) is decoded during that transformation, so the resolved file path can step outside the directory the endpoint is meant to serve. Only a few specific folder hierarchies can be exposed by this flaw, and the impact is read-only disclosure: the CVSS vector rates confidentiality High with no integrity or availability impact.
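The following is an added illustration of this bug class, not Keycloak's own code: a hypothetical static-resource resolver that checks for ".." on the raw request segments and only decodes them afterwards, next to a hardened version that decodes first, normalizes, and then proves the canonical path is still under the served directory. BASE, the function names and the sample request paths are assumptions constructed for the example.

```python
# Added illustration of the CVE-2020-14366 bug class (CWE-22 via URL-encoded
# segments). This is not Keycloak's implementation; BASE, the function names
# and the sample paths are hypothetical.
import posixpath
from urllib.parse import unquote

BASE = "/opt/app/themes"  # hypothetical directory the resources endpoint serves


def resolve_vulnerable(url_path: str) -> str:
    """Map a request path to a file path the broken way.

    The traversal check runs on the raw, still-encoded segments; each
    segment is URL-decoded afterwards while the file path is built.
    A literal '..' is rejected, but '%2e%2e' passes the check and then
    decodes to '..'.
    """
    segments = url_path.strip("/").split("/")
    if ".." in segments:
        raise PermissionError("traversal attempt")
    decoded = [unquote(seg) for seg in segments]
    return posixpath.normpath(posixpath.join(BASE, *decoded))


def resolve_hardened(url_path: str) -> str:
    """Decode first, normalize, then prove the result stays under BASE."""
    path = url_path
    for _ in range(3):  # undo double/triple encoding before any check
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if "\x00" in path or "\\" in path:
        raise PermissionError("forbidden character")
    rel = posixpath.normpath(path.strip("/"))
    if rel == ".." or rel.startswith("../"):
        raise PermissionError("traversal attempt")
    candidate = posixpath.normpath(posixpath.join(BASE, rel))
    # Defence in depth: the canonical path must still sit below BASE.
    if posixpath.commonpath([BASE, candidate]) != BASE:
        raise PermissionError("traversal attempt")
    return candidate


def compare(url_path: str) -> dict:
    """Run both resolvers; 'REJECTED' stands in for a raised PermissionError."""
    result = {}
    for name, resolver in (("vulnerable", resolve_vulnerable),
                           ("hardened", resolve_hardened)):
        try:
            result[name] = resolver(url_path)
        except PermissionError:
            result[name] = "REJECTED"
    return result


if __name__ == "__main__":
    # Constructed sample request paths (the part after the endpoint prefix).
    samples = (
        "login/keycloak/css/login.css",
        "login/keycloak/../../../../../etc/passwd",
        "login/keycloak/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
        "login/keycloak/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd",
    )
    for sample in samples:
        print(sample, "->", compare(sample))
```

The literal "../" request is refused by both resolvers, while the %2e%2e form slips past the vulnerable one and resolves to /etc/passwd; the hardened resolver also rejects double-encoded segments because it decodes until the string stops changing before normalizing.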

Key dates

02 Disclosure timeline

November 9, 2020 CVE published
August 4, 2024 Record updated