Vulnerabilities > CVE-2020-27838 - Unspecified vulnerability in Redhat Keycloak and Single Sign-On

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

NVD

Published: 2021-03-08

Updated: 2024-11-21

Summary

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Single Sign ON 7.0 Redhat Keycloak - Redhat Keycloak 1.0 Redhat Keycloak 1.0.0 Redhat Keycloak 1.0.1 Redhat Keycloak 1.0.2 Redhat Keycloak 1.0.3 Redhat Keycloak 1.0.4 Redhat Keycloak 1.0.5 Redhat Keycloak 1.1.0 Redhat Keycloak 1.1.1 Redhat Keycloak 1.2.0 Redhat Keycloak 1.3.0 Redhat Keycloak 1.3.1 Redhat Keycloak 1.4.0 Redhat Keycloak 1.5.0 Redhat Keycloak 1.5.1 Redhat Keycloak 1.6.0 Redhat Keycloak 1.6.1 Redhat Keycloak 1.7.0 Redhat Keycloak 1.8.0 Redhat Keycloak 1.8.1 Redhat Keycloak 1.8.2 Redhat Keycloak 1.9.0 Redhat Keycloak 1.9.1 Redhat Keycloak 1.9.2 Redhat Keycloak 1.9.3 Redhat Keycloak 1.9.4 Redhat Keycloak 1.9.5 Redhat Keycloak 1.9.6 Redhat Keycloak 1.9.7 Redhat Keycloak 1.9.8 Redhat Keycloak 2.0.0 Redhat Keycloak 2.1.0 Redhat Keycloak 2.2.0 Redhat Keycloak 2.2.1 Redhat Keycloak 2.3.0 Redhat Keycloak 2.4.0 Redhat Keycloak 2.5.0 Redhat Keycloak 2.5.1 Redhat Keycloak 2.5.2 Redhat Keycloak 2.5.3 Redhat Keycloak 2.5.4 Redhat Keycloak 2.5.5 Redhat Keycloak 2.5.6 Redhat Keycloak 2.5.7 Redhat Keycloak 2.5.8 Redhat Keycloak 2.5.9 Redhat Keycloak 2.5.10 Redhat Keycloak 3.0.0 Redhat Keycloak 3.1.0 Redhat Keycloak 3.1.1 Redhat Keycloak 3.2.0 Redhat Keycloak 3.2.1 Redhat Keycloak 3.3.0 Redhat Keycloak 3.4.0 Redhat Keycloak 3.4.1 Redhat Keycloak 3.4.2 Redhat Keycloak 3.4.3 Redhat Keycloak 4.0.0 Redhat Keycloak 4.1.0 Redhat Keycloak 4.2.0 Redhat Keycloak 4.2.1 Redhat Keycloak 4.3.0 Redhat Keycloak 4.4.0 Redhat Keycloak 4.5.0 Redhat Keycloak 4.6.0 Redhat Keycloak 4.7.0 Redhat Keycloak 4.8.0 Redhat Keycloak 4.8.1 Redhat Keycloak 4.8.2 Redhat Keycloak 4.8.3 Redhat Keycloak 5.0.0 Redhat Keycloak 6.0.0 Redhat Keycloak 6.0.1 Redhat Keycloak 6.0.2 Redhat Keycloak 7.0.0 Redhat Keycloak 7.0.1 Redhat Keycloak 8.0.0 Redhat Keycloak 8.0.2 Redhat Keycloak 9.0.0 Redhat Keycloak 9.0.1 Redhat Keycloak 9.0.2 Redhat Keycloak 9.0.13 Redhat Keycloak 10.0.0 Redhat Keycloak 10.0.1 Redhat Keycloak 11.0.0 Redhat Keycloak 11.0.3 Redhat Keycloak 12.0.0 Redhat Keycloak 12.0.1 Redhat Keycloak 12.0.2 Redhat Keycloak 12.0.3 Redhat Keycloak 12.0.4	125

Summary

Vulnerable Configurations

References