Moderate severity · NVD Advisory · Published Mar 8, 2021 · Updated Aug 4, 2024
CVE-2020-27838
Description
A flaw was found in Keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like the client secret) without authentication, which could be an issue if the same PUBLIC client is changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-core (Maven) | < 13.0.0 | 13.0.0 |
Affected products: 2
References (5)
- github.com/advisories/GHSA-pcv5-m2wh-66j3 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2020-27838 (GHSA, advisory)
- bugzilla.redhat.com/show_bug.cgi (GHSA, x_refsource_MISC, web)
- github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c (GHSA, web)
- github.com/keycloak/keycloak/pull/7790 (GHSA, web)