Description
A vulnerability was found in Keycloak where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw.
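An added illustration of the flaw class described above, not Keycloak's code: a resolver that validates the raw URL path before decoding its segments, beside one that decodes first and then enforces containment under the resource root. The root directory, function names and sample request paths are assumptions constructed for this example.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical resource root; not a path taken from Keycloak.
RESOURCE_ROOT = "/opt/app/resources"


def naive_resolve(url_path):
    """Flawed pattern: check the raw path, then decode it into a file path."""
    raw_segments = url_path.split("/")
    if ".." in raw_segments:
        return None  # only literal ".." segments are caught here
    decoded = "/".join(unquote(seg) for seg in raw_segments)
    joined = posixpath.join(RESOURCE_ROOT, decoded.lstrip("/"))
    return posixpath.normpath(joined)


def safe_resolve(url_path):
    """Decode first, validate each decoded segment, then enforce containment."""
    segments = [unquote(seg) for seg in url_path.split("/") if seg]
    for seg in segments:
        # After decoding, a segment must be one plain file or directory name.
        if seg in (".", "..") or "/" in seg or "\\" in seg or "\x00" in seg:
            return None
    candidate = posixpath.normpath(posixpath.join(RESOURCE_ROOT, *segments))
    # Defence in depth: the normalized result must still sit under the root.
    if candidate != RESOURCE_ROOT and not candidate.startswith(RESOURCE_ROOT + "/"):
        return None
    return candidate


def inside_root(path):
    """True when a resolved path is the root itself or below it."""
    return path == RESOURCE_ROOT or path.startswith(RESOURCE_ROOT + "/")


# Constructed sample request paths (not captured traffic).
SAMPLES = [
    "/theme/css/login.css",
    "/theme/%2e%2e/%2e%2e/conf/app.properties",
    "/theme/..%2f..%2fconf/app.properties",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", naive_resolve(sample), "|", safe_resolve(sample))
```
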
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366