Description
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1875843%2C
https://access.redhat.com/security/cve/cve-2020-14389
Related Vulnerabilities
CVE-2021-21603 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-3258 Vulnerability in maven package mysql:mysql-connector-java
CVE-2020-6950 Vulnerability in maven package org.glassfish:jakarta.faces
CVE-2022-1466 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2018-7408 Vulnerability in maven package org.webjars:npm