CVE-2020-27838 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Information disclosure
Description	A security issue was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1332	keycloak	12.0.4-1		High	Vulnerable

References
https://bugzilla.redhat.com/show_bug.cgi?id=1906797 https://issues.redhat.com/browse/KEYCLOAK-16521 https://github.com/keycloak/keycloak/pull/7790 https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c

References

https://bugzilla.redhat.com/show_bug.cgi?id=1906797
https://issues.redhat.com/browse/KEYCLOAK-16521
https://github.com/keycloak/keycloak/pull/7790
https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c