CVE-2020-1724

A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724 Issue Tracking Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

Information

Published : 2020-05-11 14:15

Updated : 2022-04-25 10:37


NVD link : CVE-2020-1724

Mitre link : CVE-2020-1724


JSON object : View

CWE
CWE-613

Insufficient Session Expiration

Advertisement

dedicated server usa

Products Affected

redhat

  • single_sign-on
  • openshift_application_runtimes
  • keycloak