Description
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820
Related Vulnerabilities
CVE-2023-45827 Vulnerability in npm package @clickbar/dot-diver
CVE-2023-35150 Vulnerability in maven package org.xwiki.platform:xwiki-platform-invitation-ui
CVE-2021-26707 Vulnerability in npm package merge-deep
CVE-2021-41184 Vulnerability in npm package jquery-ui
CVE-2023-38509 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui