CVE-2020-1717

Information Exposure Through an Error Message in npm/keycloak-connect

Identifier

CVE-2020-1717

Package Slug

npm/keycloak-connect

Vulnerability

Information Exposure Through an Error Message

Description

Keycloak suffers from an information disclosure through error messages. A logged in user can do an account email enumeration attack.

Affected Versions

Version 7.0.1

Solution

Upgrade to version 8.0.0 or above.

Last Modified

2021-02-19

source