CVE-2020-14366 - log

CVE-2020-14366 edited at 19 Jan 2021 13:28:10
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Directory traversal
Description
+ A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1869764
+ https://issues.redhat.com/browse/KEYCLOAK-15012
CVE-2020-14366 created at 19 Jan 2021 13:25:55
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes