Description
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
Related Vulnerabilities
CVE-2022-46907 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2018-11499 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2020-2146 Vulnerability in maven package fr.edf.jenkins.plugins:mac
CVE-2023-25806 Vulnerability in maven package org.opensearch.plugin:opensearch-security
CVE-2020-36181 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind