Description
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10169
Related Vulnerabilities
CVE-2017-11555 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2020-16015 Vulnerability in npm package electron
CVE-2023-27602 Vulnerability in maven package org.apache.linkis:linkis-storage-script-dev-server
CVE-2017-16006 Vulnerability in npm package remarkable
CVE-2019-1003078 Vulnerability in maven package org.jenkins-ci.plugins:labmanager