Description
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
Related Vulnerabilities
CVE-2022-45136 Vulnerability in maven package org.apache.jena:jena-sdb
CVE-2023-25345 Vulnerability in npm package swig-templates
CVE-2023-37908 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-xml
CVE-2023-26513 Vulnerability in maven package org.apache.sling:org.apache.sling.resourcemerger
CVE-2020-27838 Vulnerability in maven package org.keycloak:keycloak-server-spi-private