Tuesday, November 17, 2020
CVE-2020-14389
nist.gov
In: nist.gov
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. CVE-2020-14389