← volver
CVE-2016-8629

CVE-2016-8629

EPSS 2.0%CWE-284
Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.
Productos afectados
Red Hat, Inc. · Keycloak

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://rhn.redhat.com/errata/RHSA-2017-0876.htmlhttps://access.redhat.com/errata/RHSA-2017:0872https://access.redhat.com/errata/RHSA-2017:0873https://bugzilla.redhat.com/show_bug.cgi?id=1388988http://www.securityfocus.com/bid/97392http://www.securitytracker.com/id/1038180