Security Advisory

CVE-2020-27826

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-05-28 10:20:30
Last updated 2024-08-04 16:25:43
Assigner redhat
State PUBLISHED

Description

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the users metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.