Description
It was found that Keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially crafted URL. This vulnerability could allow an attacker to access unauthorized information.
Remediation
References