CVE-2020-27826 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Privilege escalation
Description	A flaw was found in keycloak versions prior to 12.0.0 where it is possible to update the user's meta-data attributes using Account REST API. It is now possible for any evil user to change its own NameID attribute to impersonate the admin user for any particular application.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1373	keycloak	11.0.3-1	12.0.0-1	Medium	Fixed

References
https://bugzilla.redhat.com/show_bug.cgi?id=1905089