CVE-2020-27826

CVE-2020-27826

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user’s metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.

Source: CVE-2020-27826

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다