Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission
Vulnerability Description
A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions (FGAP v2) are turned on, an administrator who is allowed to see a specific "role" can also see a list of all groups assigned to that role. The system fails to check if the administrator has permission to see those specific groups. This could allow a restricted administrator to discover "hidden" groups and see their details, such as internal names and custom settings, which might contain sensitive deployment information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
Keycloak 安全漏洞
Vulnerability Description
Keycloak是Keycloak组织开源的一种开源身份和访问管理解决方案。 Keycloak存在安全漏洞,该漏洞源于管理界面权限检查缺失,当新细粒度管理员权限启用时,允许查看特定角色的管理员越权查看分配给该角色的所有组列表,可能导致受限管理员发现隐藏组并获取其内部名称和自定义设置等敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A