CVE-2020-14366

Path Traversal in maven/org.keycloak/keycloak-services

Identifiers

CVE-2020-14366

Package Slug

maven/org.keycloak/keycloak-services

Vulnerability

Path Traversal

Description

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw

Affected Versions

All versions before 12.0.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-11-18

source