4

CVE-2020-1717

A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatKeycloak Version7.0.1
RedhatJboss Fuse Version7.0.0
RedhatSingle Sign-on Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.77% 0.506
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.7 1.2 1.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://bugzilla.redhat.com/show_bug.cgi?id=1796281
Vendor Advisory
Issue Tracking
https://issues.jboss.org/browse/KEYCLOAK-12014
Vendor Advisory
Issue Tracking
Permissions Required