Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-8629 Vulnerability in maven package org.keycloak:keycloak-model-infinispan

Description

Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2017-0876.html

http://www.securityfocus.com/bid/97392

http://www.securitytracker.com/id/1038180

https://access.redhat.com/errata/RHSA-2017:0872

https://access.redhat.com/errata/RHSA-2017:0873

https://bugzilla.redhat.com/show_bug.cgi?id=1388988

Related Vulnerabilities

CVE-2022-24718 Vulnerability in npm package @finastra/ssr-pages

CVE-2018-20595 Vulnerability in maven package org.hswebframework.web:hsweb-system-oauth2-client-web

CVE-2020-8268 Vulnerability in npm package json8-merge-patch

CVE-2019-14262 Vulnerability in maven package com.drewnoakes:metadata-extractor

CVE-2021-29624 Vulnerability in npm package fastify-csrf

Severity

High

Classification

CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory Issue Tracking