CVE-2020-14366 Information

Description

A vulnerability was found in keycloak where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366 A vulnerability was found in keycloak where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw