Description
A vulnerability was found in all versions of Keycloak where the pages in the Admin Console area of the application are completely missing the general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to clickjacking, channel downgrade attacks and other similar client-side attack vectors.
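As an added example (not the advisory's or Keycloak's own code), a small Python audit that checks a response's headers for the protections the description names and reports which attack classes are left unmitigated; the header list, the header-to-attack mapping and the two sample responses are assumptions constructed for this illustration, not captured Keycloak output.

```python
# Added example: audit HTTP response headers for the protections the advisory
# says are absent on Admin Console pages. Sample responses are constructed.
from typing import Dict, List, Optional, Tuple

# (header, alternative (header, directive) that also satisfies the check, what it mitigates)
EXPECTED_HEADERS: List[Tuple[str, Optional[Tuple[str, str]], str]] = [
    ("X-Frame-Options", ("Content-Security-Policy", "frame-ancestors"), "clickjacking"),
    ("Strict-Transport-Security", None, "channel downgrade (HTTPS stripping)"),
    ("X-Content-Type-Options", None, "MIME sniffing"),
    ("Content-Security-Policy", None, "script/content injection"),
]

def normalize(headers: Dict[str, str]) -> Dict[str, str]:
    """HTTP header names are case-insensitive, so compare on lower-case keys."""
    return {k.lower(): v for k, v in headers.items()}

def missing_protections(headers: Dict[str, str]) -> List[str]:
    """Return the attack classes this response leaves unmitigated, in check order."""
    h = normalize(headers)
    gaps = []
    for name, alternative, mitigates in EXPECTED_HEADERS:
        present = name.lower() in h
        if not present and alternative:
            # e.g. a CSP with frame-ancestors covers clickjacking without X-Frame-Options
            alt_name, alt_directive = alternative
            present = alt_directive in h.get(alt_name.lower(), "")
        if not present:
            gaps.append(mitigates)
    return gaps

def is_hardened(headers: Dict[str, str]) -> bool:
    return not missing_protections(headers)

# Constructed: a response with no security headers (the state the advisory
# describes) and a hardened response for comparison.
UNHARDENED_RESPONSE = {"Content-Type": "text/html;charset=UTF-8", "Content-Length": "1234"}
HARDENED_RESPONSE = {
    "Content-Type": "text/html;charset=UTF-8",
    "Content-Security-Policy": "frame-ancestors 'self'; default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for label, resp in (("unhardened", UNHARDENED_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, "->", missing_protections(resp) or "no gaps")
```

To run it against a live deployment, feed it the header mapping from your HTTP client's response object; a page that reports gaps for both clickjacking and channel downgrade matches the condition this advisory describes.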
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728