Back to bug 1388988
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Chess Hazlett | 2016-10-26 15:45:47 UTC | CC | security-response-team | |
| Chess Hazlett | 2016-10-26 15:45:50 UTC | Blocks | 1386413 | |
| Chess Hazlett | 2016-10-26 16:04:41 UTC | Doc Text | It was found that keycloak did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm. | |
| Chess Hazlett | 2016-10-27 16:19:12 UTC | Alias | CVE-2016-8629 | |
| Chess Hazlett | 2016-10-27 16:19:14 UTC | Summary | EMBARGOED keycloak: user deletion via incorrect permissions check | EMBARGOED CVE-2016-8629 keycloak: user deletion via incorrect permissions check |
| Chess Hazlett | 2017-04-03 19:36:36 UTC | Blocks | 1438536 | |
| Chess Hazlett | 2017-04-04 16:41:48 UTC | Whiteboard | impact=moderate,public=no,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,rhsso-7/keycloak=affected | impact=moderate,public=no,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,rhsso-7/keycloak=affected |
| Chess Hazlett | 2017-04-04 16:43:54 UTC | Whiteboard | impact=moderate,public=no,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,rhsso-7/keycloak=affected | impact=moderate,public=20170404,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,rhsso-7/keycloak=affected |
| Chess Hazlett | 2017-04-04 16:43:56 UTC | Summary | EMBARGOED CVE-2016-8629 keycloak: user deletion via incorrect permissions check | CVE-2016-8629 keycloak: user deletion via incorrect permissions check |
| Chess Hazlett | 2017-04-04 16:43:57 UTC | Group | security, qe_staff | |
| Jason Shepherd | 2017-06-01 07:33:41 UTC | Whiteboard | impact=moderate,public=20170404,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,rhsso-7/keycloak=affected | impact=moderate,public=20170404,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,rhsso-7/keycloak=notaffected |
| Jason Shepherd | 2017-06-01 07:40:58 UTC | Whiteboard | impact=moderate,public=20170404,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,rhsso-7/keycloak=notaffected | impact=moderate,public=20170404,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,rhsso-7/keycloak=affected |
| Jason Shepherd | 2017-06-01 07:41:24 UTC | Whiteboard | impact=moderate,public=20170404,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,rhsso-7/keycloak=affected | impact=moderate,public=20170404,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,rhsso-7/keycloak=notaffected |
| Sam Fowler | 2018-03-12 06:26:56 UTC | Fixed In Version | keycloak 2.4.0 | |
| Sam Fowler | 2018-03-12 06:26:56 UTC | Whiteboard | impact=moderate,public=20170404,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,rhsso-7/keycloak=notaffected | impact=moderate,public=20170404,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,cwe=CWE-284,rhsso-7/keycloak=notaffected |
| Product Security DevOps Team | 2019-06-08 03:01:15 UTC | Status | NEW | CLOSED |
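| Product Security DevOps Team | 2019-06-08 03:01:15 UTC | Resolution | --- | NOTABUG |
| Product Security DevOps Team | 2019-06-08 03:01:15 UTC | Last Closed | 2019-06-08 03:01:15 UTC | |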
| Product Security DevOps Team | 2019-09-29 13:58:49 UTC | Whiteboard | impact=moderate,public=20170404,reported=20161017,source=upstream,cvss2=4.0/AV:N/AC:L/Au:S/C:N/I:P/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,cwe=CWE-284,rhsso-7/keycloak=notaffected | |