CVE-2020-1714 HIGH

CVE-2020-1714

Vendor Red Hat
Product keycloak
Weakness CWE-20 · Improper Input Validation (the flaw described below is unchecked Java deserialization, which CWE also catalogues as CWE-502, Deserialization of Untrusted Data)
Published May 13, 2020
Last update August 4, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in Keycloak before version 11.0.0: the code base uses ObjectInputStream without any type check on the class descriptors it reads. An attacker who can deliver serialized data to one of these call sites can inject arbitrary serialized Java objects, which are then deserialized in a privileged context and can lead to remote code execution. The CVSS vector (PR:L, AC:H) indicates that a low-privileged account is needed and that the conditions for reaching a vulnerable site are not trivially met; the record does not name the affected call sites or describe the fix, only that 11.0.0 is the first version not affected.
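The following is an added illustration of the vulnerability class the description names, not code from Keycloak or from this record. The classes SessionTicket and Unexpected, the allowlist and the sample payloads are all hypothetical: SessionTicket stands for the one type a service legitimately expects, Unexpected stands for any Serializable gadget class already on the classpath, and its readObject hook only increments a counter so the effect of unchecked deserialization is observable without doing anything harmful.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.Collections;
import java.util.Set;

// Hypothetical demo of "ObjectInputStream without type checks" beside a checked
// variant. None of these classes exist in Keycloak.
public class DeserializationDemo {

    // The only type this service intends to read back (constructed example).
    public static final class SessionTicket implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        SessionTicket(String user) { this.user = user; }
    }

    // Stand-in for a gadget class: a Serializable type whose deserialization hook
    // does work. Real gadgets run attacker-chosen logic here; this one just counts.
    public static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        static int hookRuns = 0;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            hookRuns++; // executes before readObject() ever returns to the caller
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Vulnerable pattern: a plain ObjectInputStream. Whatever class name the bytes
    // carry is loaded, instantiated, and its readObject/readResolve hooks executed.
    static Object readUnchecked(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened pattern: reject any class descriptor not on an explicit allowlist.
    // resolveClass() is consulted before the object is instantiated, so a rejected
    // class never has its hooks run. Works on Java 8+; on Java 9+ the built-in
    // ObjectInputStream.setObjectInputFilter(...) (JEP 290) is the preferred form.
    static final class AllowlistObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;
        AllowlistObjectInputStream(byte[] data, Set<String> allowed) throws IOException {
            super(new ByteArrayInputStream(data));
            this.allowed = allowed;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (!allowed.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "class not on deserialization allowlist");
            }
            return super.resolveClass(desc);
        }
    }

    static Object readChecked(byte[] data) throws IOException, ClassNotFoundException {
        Set<String> allowed = Collections.singleton(SessionTicket.class.getName());
        try (ObjectInputStream in = new AllowlistObjectInputStream(data, allowed)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] legit = serialize(new SessionTicket("alice"));
        byte[] hostile = serialize(new Unexpected()); // models attacker-supplied bytes

        System.out.println("unchecked, legit  : " + ((SessionTicket) readUnchecked(legit)).user);
        readUnchecked(hostile);
        System.out.println("unchecked, hostile: hook ran " + Unexpected.hookRuns + " time(s)");

        Unexpected.hookRuns = 0;
        System.out.println("checked, legit    : " + ((SessionTicket) readChecked(legit)).user);
        try {
            readChecked(hostile);
        } catch (InvalidClassException e) {
            System.out.println("checked, hostile  : rejected (" + e.getMessage()
                + "), hook ran " + Unexpected.hookRuns + " time(s)");
        }
    }
}
```

The point to take from the unchecked path is that the gadget's hook runs inside readObject() itself, so any check applied to the returned object is already too late; the type check has to happen at class-resolution time, which is what the resolveClass override (or an ObjectInputFilter on Java 9+) provides. When auditing a code base for this pattern, every `new ObjectInputStream(...)` that reads data an authenticated user can influence is a candidate, regardless of what the caller casts the result to afterwards.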

Key dates

02 Disclosure timeline

May 13, 2020 CVE published
August 4, 2024 Record updated