Description
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
Related Vulnerabilities
CVE-2023-6460 Vulnerability in npm package @google-cloud/firestore
CVE-2023-39153 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth
CVE-2020-10686 Vulnerability in maven package org.keycloak:keycloak-model-jpa
CVE-2023-28155 Vulnerability in npm package request
CVE-2020-10727 Vulnerability in maven package org.apache.activemq:artemis-server