Description
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
Related Vulnerabilities
CVE-2016-0750 Vulnerability in maven package org.infinispan:infinispan-client-hotrod
CVE-2023-50770 Vulnerability in maven package org.jenkins-ci.plugins:oic-auth
CVE-2021-21307 Vulnerability in maven package org.lucee:lucee
CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.12
CVE-2023-5720 Vulnerability in maven package io.quarkus:quarkus-project