CVE-2020-27838
Description
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
85.144
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-27838,CVE-2020-10770,CVE-2021-20202,CVE-2021-20195 are fixed in Keycloak-core 13.0.0 | Windows |
| Vulnerabilities CVE-2020-27838,CVE-2020-10770,CVE-2021-20202,CVE-2021-20195 are fixed in Keycloak-core for Linux 13.0.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234