CVE-2020-1717
npm/keycloak-connect
Information Exposure Through an Error Message
Keycloak suffers from an information disclosure through error messages. A logged in user can do an account email enumeration attack.
Version 7.0.1
Upgrade to version 8.0.0 or above.
2021-02-19
source |