CVE-2019-10170

Published: May 8, 2020Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.

Affected (1)

Products: Redhat: Keycloak

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Keycloak	Before 8.0.0

Related CWEs

Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.