Description
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
Related Vulnerabilities
CVE-2023-28672 Vulnerability in maven package org.jenkinsci.plugins:octoperf
CVE-2023-37466 Vulnerability in maven package org.webjars.npm:vm2
CVE-2023-24447 Vulnerability in maven package org.jenkins-ci.plugins:rabbitmq-consumer
CVE-2023-44487 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-35204 Vulnerability in maven package org.webjars.npm:vite