Bug 1905089 (CVE-2020-27826) - CVE-2020-27826 keycloak: Account REST API can update user metadata attributes
Summary: CVE-2020-27826 keycloak: Account REST API can update user metadata attributes
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-27826
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1905076
Reported: 2020-12-07 13:25 UTC by Paramvir jindal
Modified: 2021-06-04 08:48 UTC (History)

See Also:
Fixed In Version: keycloak 12.0.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using the Account REST API. This flaw allows an attacker to change their own NameID attribute to impersonate the admin user for any particular application.
Clone Of:
Environment:
Last Closed: 2020-12-15 22:19:34 UTC
Embargoed:




Links
Red Hat Product Errata RHSA-2020:5526 (last updated 2020-12-15 17:12:26 UTC)
Red Hat Product Errata RHSA-2020:5527 (last updated 2020-12-15 17:13:26 UTC)
Red Hat Product Errata RHSA-2020:5528 (last updated 2020-12-15 17:14:06 UTC)
Red Hat Product Errata RHSA-2020:5533 (last updated 2020-12-15 17:14:46 UTC)

Description Paramvir jindal 2020-12-07 13:25:56 UTC
A flaw was found in Keycloak where it is possible to update the user's metadata attributes using the Account REST API. It is now possible for any evil user to change its own NameID attribute to impersonate the admin user for any particular application.
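The defect described above is a mass-assignment problem: a self-service profile endpoint wrote every attribute the client sent, including system-managed ("metadata") attributes such as the per-client SAML persistent NameID. The following is an added example, not Keycloak's own code and not the fix shipped in 12.0.0; it contrasts a replace-the-whole-map update with one that carries reserved attributes over from the stored profile and reports every refused key so it can be logged. The reserved attribute names and the sample profile are constructed for the example; the `saml.persistent.name.id.for.` prefix is the one Keycloak uses for SAML persistent NameIDs to my knowledge, but it is treated here as an assumption.

```python
"""Added example (not Keycloak code): keep system-managed user attributes out of
reach of a self-service account update. Attribute names are constructed."""
from dataclasses import dataclass, field

# Reserved attributes: constructed for this example. Anything a user must never
# set about themselves through the account API belongs in one of these sets.
RESERVED_EXACT = {"ENABLED", "EMAIL_VERIFIED"}               # hypothetical names
RESERVED_PREFIXES = ("saml.persistent.name.id.for.",)         # assumed Keycloak prefix


def is_reserved(name: str) -> bool:
    """True if a client-supplied attribute name targets a reserved attribute.
    The comparison is case-insensitive so 'Enabled' cannot slip past 'ENABLED'."""
    lowered = name.lower()
    if lowered in {n.lower() for n in RESERVED_EXACT}:
        return True
    return any(lowered.startswith(p.lower()) for p in RESERVED_PREFIXES)


@dataclass
class UpdateResult:
    attributes: dict
    rejected: list = field(default_factory=list)


def vulnerable_update(current: dict, requested: dict) -> UpdateResult:
    """Replace semantics with no filtering: whatever the client sends becomes the
    stored attribute map, so a client can overwrite (or drop) reserved values."""
    return UpdateResult(dict(requested))


def hardened_update(current: dict, requested: dict) -> UpdateResult:
    """Replace semantics, but reserved attributes are copied from the stored
    profile untouched, whether the client tried to change them or omitted them.
    Refused keys are returned so the caller can log the attempt."""
    merged = {k: v for k, v in current.items() if is_reserved(k)}
    rejected = []
    for name, value in requested.items():
        if is_reserved(name):
            rejected.append(name)      # do not let the client's value through
            continue
        merged[name] = value
    return UpdateResult(merged, rejected)


# Constructed sample: a stored profile and a request that tries to repoint the
# user's persistent NameID for one application at another identity.
STORED = {
    "firstName": "Alice",
    "saml.persistent.name.id.for.payroll-app": "alice-7f3a",
}
REQUEST = {
    "firstName": "Alice",
    "phone": "+1-555-0100",
    "saml.persistent.name.id.for.payroll-app": "admin",
}


def demo():
    """Run both update paths over the constructed sample."""
    return vulnerable_update(STORED, REQUEST), hardened_update(STORED, REQUEST)


if __name__ == "__main__":
    vuln, hard = demo()
    print("vulnerable:", vuln.attributes)
    print("hardened:  ", hard.attributes, "rejected:", hard.rejected)
```

The useful detection signal is the `rejected` list: a self-service request that names a reserved attribute is either a buggy client or an attempt to tamper with identity mapping, and either way deserves an audit log entry tied to the authenticated user.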

Comment 1 Paramvir jindal 2020-12-07 13:26:28 UTC
https://issues.redhat.com/browse/KEYCLOAK-16468

Comment 6 Paramvir jindal 2020-12-08 09:25:12 UTC
Acknowledgments:

Name: Marek Posolda (Red Hat)

Comment 7 errata-xmlrpc 2020-12-15 17:12:27 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.4 for RHEL 6

Via RHSA-2020:5526 https://access.redhat.com/errata/RHSA-2020:5526

Comment 8 errata-xmlrpc 2020-12-15 17:13:54 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.4 for RHEL 7

Via RHSA-2020:5527 https://access.redhat.com/errata/RHSA-2020:5527

Comment 9 errata-xmlrpc 2020-12-15 17:14:31 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.4 for RHEL 8

Via RHSA-2020:5528 https://access.redhat.com/errata/RHSA-2020:5528

Comment 10 errata-xmlrpc 2020-12-15 17:14:42 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On

Via RHSA-2020:5533 https://access.redhat.com/errata/RHSA-2020:5533

Comment 11 Product Security DevOps Team 2020-12-15 22:19:34 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-27826

Comment 12 Paramvir jindal 2021-02-22 10:53:19 UTC
Hi, can someone from the CCS team please approve the Doc text, as a customer is complaining about "No description available for this CVE".
Thanks!
