2024-01-16 09:57:16 +00:00
id : CVE-2020-27838
info :
name : KeyCloak - Information Exposure
author : mchklt
severity : medium
description : |
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
2024-01-16 21:13:58 +00:00
impact : |
The vulnerability allows an attacker to gain sensitive information from the KeyCloak server.
remediation : |
Apply the latest security patches or updates provided by the KeyCloak vendor.
2024-01-29 17:11:14 +00:00
reference :
- https://bugzilla.redhat.com/show_bug.cgi?id=1906797
- https://nvd.nist.gov/vuln/detail/CVE-2020-27838
- https://github.com/muneebaashiq/MBProjects
- https://github.com/j4k0m/godkiller
2024-01-16 09:57:16 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
cvss-score : 6.5
cve-id : CVE-2020-27838
cwe-id : CWE-287
2024-01-29 17:11:14 +00:00
epss-score : 0.08135
2024-04-08 11:34:33 +00:00
epss-percentile : 0.93734
2024-01-29 11:58:34 +00:00
cpe : cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
2024-01-16 09:57:16 +00:00
metadata :
2024-01-29 17:11:14 +00:00
max-request : 1
2024-01-16 09:57:16 +00:00
vendor : redhat
product : keycloak
2024-01-29 11:58:34 +00:00
shodan-query : "title:\"keycloak\""
2024-04-08 11:34:33 +00:00
tags : cve,cve2020,keycloak,exposure
2024-01-16 09:57:16 +00:00
http :
- method : GET
path :
- "{{BaseURL}}/auth/realms/master/clients-registrations/default/security-admin-console"
2024-01-16 09:59:40 +00:00
2024-01-16 09:57:16 +00:00
matchers-condition : and
matchers :
- type : word
part : body
words :
- '"clientId":"security-admin-console"'
- '"secret":'
condition : and
- type : word
part : header
words :
- 'application/json'
- type : status
status :
- 200
2024-02-29 05:12:42 +00:00
# digest: 4a0a00473045022100e340099dadc3710a63b8cc3e0182b0c1a738f7480c069fa5c39913092f31b39802201ad2dbae637d451dd3a442b8c8a7d2f0d5244240545b98ba4431a62241c66fa6:922c64590222798bb761d5b6d8e72950