CVE-2020-14366
maven/org.keycloak/keycloak-services
Path Traversal
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
All versions before 12.0.0
Unfortunately, there is no solution available yet.
2020-11-18
source |