High severity · NVD Advisory · Published May 28, 2021 · Updated Aug 4, 2024
CVE-2020-27826
Description
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using the Account REST API. This flaw allows an attacker to change their own NameID attribute to impersonate the admin user for any particular application.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-core (Maven) | < 12.0.0 | 12.0.0 |
References
- github.com/advisories/GHSA-m9cj-v55f-8x26 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-27826 (ghsa, ADVISORY)
- access.redhat.com/security/cve/cve-2020-27826 (ghsa, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_MISC, WEB)
- github.com/keycloak/keycloak/commit/dae4a3eaf26590b8d441b8e4bec3b700ee303b72 (ghsa, WEB)