CVE-2020-1717
Information Exposure Through an Error Message in maven/org.keycloak/keycloak-wildfly-server-subsystem
Identifiers
CVE-2020-1717
Package Slug
maven/org.keycloak/keycloak-wildfly-server-subsystem
Vulnerability
Information Exposure Through an Error Message
Description
Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.
Affected Versions
Version 7.0.1
Solution
Upgrade to version 8.0.0 or above.
Last Modified
2021-02-19
| source |