CVE-2020-1698

Description

A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.

Risk Information

Base Score

5.5

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.051

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2020-1698,CVE-2020-1697 are fixed in Keycloak-core 9.0.0	Windows
Vulnerabilities CVE-2020-1698,CVE-2020-1697 are fixed in Keycloak-core for Linux 9.0.0	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234