CVE-2020-1728 Vulnerability Details

CVE-2020-1728 Metadata Quick Info

CVE Published: 06/04/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: redhat | Vendor: [UNKNOWN] | Product: keycloak
Status: PUBLISHED

CVE-2020-1728 Description

A vulnerability was found in all versions of Keycloak where the pages in the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.

Metrics

CVSS Version: 3.1 | Base Score: 4.8 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): HIGH
    Privileges Required (PR): NONE
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): LOW
    Availability Impact (A): NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-358
CWE Name: Improperly Implemented Security Check for Standard
Source: [UNKNOWN]

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:
Source: NVD (National Vulnerability Database).