Home > Vulnerability Database > CVE-2020-27826

Mend.io Vulnerability Database

CVE-2020-27826

Good to know:

Date: May 28, 2021

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.

Language: Java

Severity Score

4.2

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-27826

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1905089

Url: https://www.mend.io/vulnerability-database/CVE-2020-27826

Severity Score

4.2

Weakness Type (CWE)

Execution with Unnecessary Privileges

CWE-250

Top Fix

Upgrade Version

Upgrade to version org.keycloak:keycloak-services:12.0.0

Learn More

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.9
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-27826

Good to know:

Date: May 28, 2021

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?