Security for everyone

CVE-2020-10770 Scanner

Detects the 'Server-Side Request Forgery (SSRF)' vulnerability in Keycloak, which affects versions before 13.0.0.


Short Info


Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: URL

Parent Category

CVE-2020-10770 Scanner Detail

Keycloak is an open-source identity and access management (IAM) product developed by Red Hat. It is widely used by organizations to secure their web and mobile-based applications by managing authentication and authorization of user access. Keycloak allows businesses to create, manage, and distribute digital identities securely, making it an essential tool in modern-day online security. With its wide range of features, Keycloak has become a go-to product for enterprise-level IAM.

CVE-2020-10770 is a vulnerability in Keycloak versions before 13.0.0. The flaw allows an attacker to use the OIDC parameter request_uri to carry out a server-side request forgery (SSRF) attack. A malicious user can exploit it by sending a crafted request that, when processed, tricks the server into calling an unauthorized URL. This could lead to the extraction of confidential information from the Keycloak server or other compromised resources.

Exploitation of this vulnerability can lead to severe consequences for businesses. An attacker can bypass the security measures in place and gain unauthorized access to sensitive resources, compromising confidential data and sensitive information. An adversary can exploit this vulnerability to launch further attacks, such as Distributed Denial of Service (DDoS), data theft, and other malicious activities.

Thanks to the securityforeveryone.com platform's pro features, businesses can quickly and easily learn about vulnerabilities like CVE-2020-10770 in their digital assets. The platform offers automated assessments that can scan and identify vulnerabilities in web and mobile applications. This solution empowers organizations to stay ahead of threats and ensure the security of their systems. By subscribing to the service, it is possible to receive regular updates to the security status of the digital assets, giving businesses an added peace of mind.

 
