vulnerability

Red Hat JBoss EAP: CVE-2019-14820: Exposure of Sensitive Information to an Unauthorized Actor

Name: Red Hat JBoss EAP: CVE-2019-14820: Exposure of Sensitive Information to an Unauthorized Actor
Creator: Red Hat
Published: 2019-10-14T00:00:00.000Z
Keywords: CVE, CWE-200, Red Hat JBoss EAP, 2019, 14820, Exposure of Sensitive Information to an Unauthorized Actor, red-hat-jboss-eap-upgrade-latest, Severity 4

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Oct 14, 2019

Added

Sep 19, 2024

Modified

Jul 2, 2025

Description

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.. It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.

Solution

red-hat-jboss-eap-upgrade-latest

References

CWE-200
CVE-2019-14820
https://attackerkb.com/topics/CVE-2019-14820
https://access.redhat.com/security/cve/CVE-2019-14820
https://bugzilla.redhat.com/show_bug.cgi?id=1649870
https://access.redhat.com/errata/RHSA-2019:3048
https://access.redhat.com/errata/RHSA-2019:3049

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report