Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2018-03-12T15:00:00Z
Updated: 2024-09-16T17:52:54.232Z
Reserved: 2016-10-12T00:00:00
Link: CVE-2016-8629
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-03-12T15:29:00.210
Modified: 2024-11-21T02:59:43.123
Link: CVE-2016-8629
Redhat