Description
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gallery-Video Gallery and Youtube Gallery SQL Injection (2.0.9)
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7)
WordPress Plugin Video Comments Webcam Recorder Cross-Site Scripting (1.55)
WordPress Plugin Contact Form 7 Database Addon-CFDB7 Unspecified Vulnerability (1.2.5.3)