Back to bug 1869764
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Paramvir jindal | 2020-08-18 15:22:42 UTC | CC | security-response-team | |
| Paramvir jindal | 2020-11-09 09:33:15 UTC | Summary | EMBARGOED keycloak: path traversal in resources | EMBARGOED CVE-2020-14366 keycloak: path traversal in resources |
| | | Alias | CVE-2020-14366 | |
| | | Fixed In Version | keycloak 12.0.0 | |
| Paramvir jindal | 2020-11-09 09:36:27 UTC | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2020-14366 keycloak: path traversal in resources | CVE-2020-14366 keycloak: path traversal in resources |
| Paramvir jindal | 2020-11-09 12:12:10 UTC | Doc Text | A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw | |
| Eric Christensen | 2021-02-10 16:32:46 UTC | Doc Text | A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw | A flaw was found in keycloak. A path traversal, using URL-encoded path segments in a request, is possible due to transformation of the URL path to a file path at the resource endpoint. The highest threat from this vulnerability is to data confidentiality. |
| Red Hat Bugzilla | 2021-12-31 23:34:17 UTC | CC | almorale | |
| Red Hat Bugzilla | 2022-04-19 04:38:59 UTC | CC | ggaughan | |
| Red Hat Bugzilla | 2022-08-12 04:38:13 UTC | CC | etirelli | |
| Red Hat Bugzilla | 2022-08-31 22:23:09 UTC | CC | mszynkie | |
| Red Hat Bugzilla | 2022-10-28 13:13:03 UTC | CC | krathod | |
| Red Hat Bugzilla | 2022-11-14 23:22:44 UTC | CC | jstastny | |
| Red Hat Bugzilla | 2022-12-31 23:43:18 UTC | CC | aboyko | |
| Red Hat Bugzilla | 2023-05-15 18:03:51 UTC | CC | rrajasek | |
| Red Hat Bugzilla | 2023-05-15 18:09:24 UTC | CC | drieden | |
| Red Hat Bugzilla | 2023-05-31 22:25:01 UTC | CC | rsynek | |
| Red Hat Bugzilla | 2023-07-07 08:32:05 UTC | Assignee | security-response-team | nobody |
| | | CC | security-response-team | |