CVE-2020-14366: Path Traversal
First published: Mon Nov 09 2020(Updated: )
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Keycloak | <12.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14366?
CVE-2020-14366 is a vulnerability found in Keycloak, where path traversal using URL-encoded path segments in the request is possible.
What is the severity of CVE-2020-14366?
CVE-2020-14366 has a severity rating of 7.5 (high).
Which software is affected by CVE-2020-14366?
Red Hat Keycloak versions up to 12.0.0 are affected by CVE-2020-14366.
How can the path traversal vulnerability in CVE-2020-14366 be exploited?
The vulnerability in CVE-2020-14366 allows an attacker to perform path traversal by using URL-encoded path segments in the request.
Is there a fix available for CVE-2020-14366?
Upgrading to a version of Red Hat Keycloak beyond 12.0.0 will fix the vulnerability CVE-2020-14366.
- collector/nvd-index
- vendor/redhat
- canonical/redhat keycloak