Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-27826 Vulnerability in maven package org.keycloak:keycloak-core

Description

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1905089

Related Vulnerabilities

CVE-2022-29567 Vulnerability in maven package com.vaadin:vaadin

CVE-2022-45378 Vulnerability in maven package soap:soap

CVE-2020-17527 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2021-45459 Vulnerability in npm package node-windows

CVE-2023-29471 Vulnerability in maven package com.typesafe.akka:akka-stream-kafka

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Issue Tracking Vendor Advisory NVD-CWE-noinfo