High severityNVD Advisory· Published Nov 9, 2020· Updated Aug 4, 2024
CVE-2020-14366
CVE-2020-14366
Description
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.keycloak:keycloak-parentMaven | < 12.0.0 | 12.0.0 |
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-cp67-8w3w-6h9cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-14366ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.