A flaw was found in Keycloak. A Keycloak adapter exposes internal endpoints in org.keycloak.constants.AdapterConstants, which can be invoked by appending the appropriate suffix (e.g. k_version) to any URL. This vulnerability might lead to an information exposure.
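A log check for the behaviour described above, added here as an example and not code from Red Hat or the Keycloak project: it scans web access logs for requests whose path ends in an adapter suffix and reports the response status. Only k_version is named on this page; the other suffixes, the combined log format and the sample lines are assumptions or constructed.

```python
import re

# k_version is the suffix named in the flaw description. The remaining names
# are assumed from Keycloak's AdapterConstants; verify them against the
# adapter version you run.
ADAPTER_SUFFIXES = ("k_version", "k_logout", "k_push_not_before",
                    "k_test_available", "k_jwks")

# Common/combined log format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def adapter_endpoint_hits(lines):
    """Return (ip, method, path, suffix, status) for each request whose
    path, with the query string removed, ends in an adapter suffix."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        path = m["target"].split("?", 1)[0]
        for suffix in ADAPTER_SUFFIXES:
            if path.endswith(suffix):
                hits.append((m["ip"], m["method"], path, suffix,
                             int(m["status"])))
                break
    return hits

def answered(hits):
    """Hits that did not get a 4xx/5xx response and so deserve review first."""
    return [h for h in hits if h[4] < 400]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2019:13:55:36 +0000] "GET /app/orders/k_version HTTP/1.1" 200 87 "-" "curl/7.61"',
    '203.0.113.7 - - [10/Oct/2019:13:55:40 +0000] "GET /app/orders?id=4 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2019:14:02:11 +0000] "POST /app/k_logout?x=1 HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.20 - - [10/Oct/2019:14:02:15 +0000] "GET /static/k_version.js HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in adapter_endpoint_hits(SAMPLE_LOG):
        print(hit)
```

A 2xx response to one of these paths on an application URL that has no such route of its own is the case to investigate after patching.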
This vulnerability is out of security support scope for the following products: Red Hat OpenShift Application Runtimes Spring Boot. Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This vulnerability is out of security support scope for the following product: Red Hat Mobile Application Platform. Please refer to https://access.redhat.com/support/policy/updates/rhmap for more details.
This issue has been addressed in the following products: Red Hat Single Sign-On 7.3 for RHEL 6. Via RHSA-2019:3044: https://access.redhat.com/errata/RHSA-2019:3044
This issue has been addressed in the following products: Red Hat Single Sign-On 7.3 for RHEL 7. Via RHSA-2019:3045: https://access.redhat.com/errata/RHSA-2019:3045
This issue has been addressed in the following products: Red Hat Single Sign-On 7.3 for RHEL 8. Via RHSA-2019:3046: https://access.redhat.com/errata/RHSA-2019:3046
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7; Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6. Via RHSA-2019:3048: https://access.redhat.com/errata/RHSA-2019:3048
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6; Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7; Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8. Via RHSA-2019:3049: https://access.redhat.com/errata/RHSA-2019:3049
This issue has been addressed in the following products: Red Hat Single Sign-On 7.3.4 zip. Via RHSA-2019:3050: https://access.redhat.com/errata/RHSA-2019:3050
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14820
This issue has been addressed in the following products: Red Hat OpenShift Application Runtimes. Via RHSA-2020:2067: https://access.redhat.com/errata/RHSA-2020:2067