CVE-2020-14359 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
A vulnerability was found in keycloak, where on using lower case HTTP headers (via cURL) a Gatekeeper can be bypassed. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when putting a Gatekeeper in front of a Jetty server and using lowercase headers.
Group Package Affected Fixed Severity Status Ticket
AVG-1332 keycloak 15.0.2-1 High Vulnerable
References
https://bugzilla.redhat.com/show_bug.cgi?id=1868591
https://issues.jboss.org/browse/KEYCLOAK-14090