vulnerability

Red Hat JBoss EAP: CVE-2019-14820: Exposure of Sensitive Information to an Unauthorized Actor

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Oct 14, 2019	Sep 19, 2024	Jul 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Oct 14, 2019

Added

Sep 19, 2024

Modified

Jul 2, 2025

Description

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.. It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.

Solution

red-hat-jboss-eap-upgrade-latest

References

CWE-200
CVE-2019-14820
https://attackerkb.com/topics/CVE-2019-14820
URL-https://access.redhat.com/security/cve/CVE-2019-14820
URL-https://bugzilla.redhat.com/show_bug.cgi?id=1649870
URL-https://access.redhat.com/errata/RHSA-2019:3048
URL-https://access.redhat.com/errata/RHSA-2019:3049

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today