Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-03-12T15:00:00Z

Updated: 2024-09-16T17:52:54.232Z

Reserved: 2016-10-12T00:00:00

Link: CVE-2016-8629

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-03-12T15:29:00.210

Modified: 2024-11-21T02:59:43.123

Link: CVE-2016-8629

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-04-04T00:00:00Z

Links: CVE-2016-8629 - Bugzilla