Description
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820
Related Vulnerabilities
CVE-2022-2422 Vulnerability in npm package feathers-sequelize
CVE-2018-16481 Vulnerability in npm package html-pages
CVE-2022-25848 Vulnerability in npm package static-dev-server
CVE-2022-38752 Vulnerability in maven package org.yaml:snakeyaml
CVE-2022-24819 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates