CVE-2020-14366 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Directory traversal
Description	A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1471	keycloak	11.0.3-1	12.0.0-1	Medium	Fixed

References
https://bugzilla.redhat.com/show_bug.cgi?id=1869764 https://issues.redhat.com/browse/KEYCLOAK-15012