Description
Keycloak versions before 8.0.0 expose the internal adapter endpoints defined in org.keycloak.constants.AdapterConstants, which can be invoked via a specially crafted URL. This vulnerability could allow an attacker to access unauthorized information.
Remediation
References