Skip to content

Moderate severity vulnerability that affects org.keycloak:keycloak-core

Moderate severity GitHub Reviewed Published Oct 18, 2018 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

maven org.keycloak:keycloak-core (Maven)

Affected versions

< 2.4.0

Patched versions

2.4.0

Description

Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.

References

Published to the GitHub Advisory Database Oct 18, 2018
Reviewed Jun 16, 2020
Last updated Jan 9, 2023

Severity

Moderate

EPSS score

0.177%
(55th percentile)

Weaknesses

CVE ID

CVE-2016-8629

GHSA ID

GHSA-778x-2mqv-w6xw

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.