CVE-2020-1725

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.

Published: Jan 28, 2021
Updated: May 9, 2024
CVE: CVE-2020-1725
GHSA: GHSA-p225-pc2x-4jpm
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

CWE-668
CWE-863

Affected Software
References

Software	From	Fixed in
redhat / keycloak	-	13.0.0
org.keycloak / keycloak-parent	-	13.0.0

https://bugzilla.redhat.com/show_bug.cgi?id=1765129
https://issues.redhat.com/browse/KEYCLOAK-16550

Vulnerability Database

289,599

CVE-2020-1725