Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-14209

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-30 Jun, 2026 | 11:48
Updated At-30 Jun, 2026 | 18:46
Rejected At-
Credits

Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users (but not view their full details) can use a specific "brute-force-user" endpoint to access a user's full profile. This includes sensitive information and security metadata. The issue occurs because the system fails to check if the administrator has the required "view" permission for that specific user when using this particular search path.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:30 Jun, 2026 | 11:48
Updated At:30 Jun, 2026 | 18:46
Rejected At:
â–¼CVE Numbering Authority (CNA)
Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users (but not view their full details) can use a specific "brute-force-user" endpoint to access a user's full profile. This includes sensitive information and security metadata. The issue occurs because the system fails to check if the administrator has the required "view" permission for that specific user when using this particular search path.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Build of Keycloak
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
keycloak-admin-ui
CPEs
  • cpe:/a:redhat:build_keycloak:
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Build of Keycloak
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhbk/keycloak-rhel9
CPEs
  • cpe:/a:redhat:build_keycloak:
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Build of Keycloak
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhbk-openshift-rhel9/rhbk-openshift-rhel9
CPEs
  • cpe:/a:redhat:build_keycloak:
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat JBoss Enterprise Application Platform Expansion Pack
Collection URL
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html
Package Name
keycloak-admin-ui
CPEs
  • cpe:/a:redhat:jbosseapxp
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-639Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-639
Description: Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Exploits

Credits

Red Hat would like to thank Jinyeong Yang for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2026-06-29 20:54:20
Made public.2026-06-30 11:08:07
Event: Reported to Red Hat.
Date: 2026-06-29 20:54:20
Event: Made public.
Date: 2026-06-30 11:08:07
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-14209
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2494837
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-14209
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2494837
Resource:
issue-tracking
x_refsource_REDHAT
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:30 Jun, 2026 | 13:17
Updated At:01 Jul, 2026 | 20:26

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users (but not view their full details) can use a specific "brute-force-user" endpoint to access a user's full profile. This includes sensitive information and security metadata. The issue occurs because the system fails to check if the administrator has the required "view" permission for that specific user when using this particular search path.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Red Hat, Inc.
redhat
>>build_of_keycloak>>-
cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_application_platform_expansion_pack>>-
cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-639Secondarysecalert@redhat.com
CWE ID: CWE-639
Type: Secondary
Source: secalert@redhat.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/security/cve/CVE-2026-14209secalert@redhat.com
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2494837secalert@redhat.com
Vendor Advisory
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-14209
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2494837
Source: secalert@redhat.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

298Records found

CVE-2026-5138
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 15.90%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:08
Updated-02 Jul, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Satellite 6.18 for RHEL 9Red Hat Satellite 6.19 for RHEL 9Red Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6Red Hat Satellite 6.16 for RHEL 9Red Hat Satellite 6.16 for RHEL 8
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-9791
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 11.80%
||
7 Day CHG+0.02%
Published-28 May, 2026 | 03:27
Updated-26 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-rhel9: organization data leak after feature disabled in keycloak

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6.3Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-7309
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 7.66%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 12:33
Updated-07 May, 2026 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection

A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix for a previous vulnerability allows for information disclosure, specifically impacting the confidentiality of build traffic.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformRed Hat OpenShift Container Platform 4
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-44930
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-4.3||MEDIUM
EPSS-0.68% / 47.88%
||
7 Day CHG+0.22%
Published-22 May, 2026 | 12:16
Updated-30 Jun, 2026 | 03:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-cxfApache CXFRed Hat build of Apache Camel for Spring Boot 4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Fuse 7
CWE ID-CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CVE-2026-14613
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-03 Jul, 2026 | 15:16
Updated-03 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions (FGAP v2) are turned on, an administrator who is allowed to see a specific "role" can also see a list of all groups assigned to that role. The system fails to check if the administrator has permission to see those specific groups. This could allow a restricted administrator to discover "hidden" groups and see their details, such as internal names and custom settings, which might contain sensitive deployment information.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Build of KeycloakRed Hat Data Grid 8Red Hat Single Sign-On 7
CVE-2025-2786
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 23.11%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 11:07
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator

A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid in gathering information for further attacks.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift distributed tracing 3Red Hat OpenShift distributed tracing 3.5.1
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-2842
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 24.96%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 11:09
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tempo-operator: tempo operator token exposition lead to read sensitive data

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be exploited if a user has 'create' permissions on TempoStack and 'get' permissions on Secret in a namespace (for example, a user has ClusterAdmin permissions for a specific namespace), as the user can read the token of the Tempo service account and therefore has access to see all cluster metrics.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift distributed tracing 3Red Hat OpenShift distributed tracing 3.5.1
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-38733
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 33.58%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 21:54
Updated-01 Oct, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft CorporationIBM Corporation
Product-robotic_process_automationopenshiftwindowsRobotic Process Automation
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-38732
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 35.49%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 13:13
Updated-01 Oct, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft CorporationIBM Corporation
Product-openshiftwindowsrobotic_process_automationrobotic_process_automation_for_cloud_pakRobotic Process Automation
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-37981
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 28.96%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 10:28
Updated-03 Jun, 2026 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: org.keycloak.authorization: keycloak: information disclosure via broken access control in user lookup endpoint

A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) resource, to enumerate and harvest personally identifiable information (PII) for all realm users. By sending crafted requests with arbitrary usernames or email values, the endpoint returns full profile objects for unrelated users. This leads to broad profile-level information disclosure.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4.12Red Hat build of Keycloak 26.4
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CVE-2023-3629
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.58% / 43.42%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 13:43
Updated-07 Nov, 2025 | 10:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinispan: non-admins should not be able to get cache config via rest api

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Action-Not Available
Vendor-infinispanRed Hat, Inc.
Product-jboss_data_gridinfinispanjboss_enterprise_application_platformdata_gridRed Hat JBoss Enterprise Application Platform 6Red Hat Data Grid 8.4.4
CWE ID-CWE-304
Missing Critical Step in Authentication
CVE-2019-14820
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.72% / 49.29%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 14:50
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.

Action-Not Available
Vendor-keycloakRed Hat, Inc.
Product-single_sign-onjboss_fusejboss_enterprise_application_platformkeycloakkeycloak
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-14885
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.74% / 50.15%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 00:00
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformsingle_sign-onJBoss EAP
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-3190
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 23.79%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 19:12
Updated-02 Apr, 2026 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api

A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.4.11
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2021-4180
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.75% / 50.55%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 19:46
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.

Action-Not Available
Vendor-n/aOpenStackRed Hat, Inc.
Product-tripleo_heat_templatesopenstackopenstack-tripleo-heat-templates
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-3856
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.90% / 55.16%
||
7 Day CHG+0.03%
Published-26 Aug, 2022 | 15:25
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-keycloakkeycloak
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-3503
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.02% / 59.07%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:20
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-wildflywildfly
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-32672
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.70% / 74.43%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 17:40
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability in Lua Debugger in Redis

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

Action-Not Available
Vendor-Red Hat, Inc.Redis Inc.Oracle CorporationNetApp, Inc.Debian GNU/LinuxFedora Project
Product-communications_operations_monitordebian_linuxsoftware_collectionsmanagement_services_for_netapp_hcifedoraenterprise_linuxredismanagement_services_for_element_softwareredis
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-7631
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.46% / 36.96%
||
7 Day CHG~0.00%
Published-19 Mar, 2025 | 18:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift-console: openshift console: path traversal

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 3.11
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-11785
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 7.68%
||
7 Day CHG-0.03%
Published-09 Jun, 2026 | 12:57
Updated-30 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: 389-ds-base: partial stack address information leak via ber_printf type confusion in sso token handler

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.

Action-Not Available
Vendor-Red Hat, Inc.
Product-directory_server389_directory_serverenterprise_linuxRed Hat Directory Server 11Red Hat Directory Server 13Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Directory Server 12
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-12515
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 9.65%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 15:34
Updated-26 Jun, 2026 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Katello: missing repository authorization in content_uploads exposes cross-product content existence

A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Satellite 6Red Hat Hardened Images
CWE ID-CWE-862
Missing Authorization
CVE-2025-9640
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 33.92%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 12:47
Updated-30 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: vfs_streams_xattr uninitialized memory write possible

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-20229
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.47% / 70.50%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 17:40
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupFedora ProjectRed Hat, Inc.
Product-software_collectionsfedorapostgresqlenterprise_linuxPostgreSQL
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-20250
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.74% / 50.18%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 13:35
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platform_expansion_packjboss-ejb-clientwildfly
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-25724
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.63% / 45.71%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 20:52
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.

Action-Not Available
Vendor-quarkusn/aRed Hat, Inc.
Product-resteasyquarkusresteasy
CWE ID-CWE-567
Unsynchronized Access to Shared Data in a Multithreaded Context
CVE-2020-1724
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.82% / 52.81%
||
7 Day CHG~0.00%
Published-11 May, 2020 | 20:10
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onopenshift_application_runtimeskeycloakkeycloak
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2020-14313
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.87% / 54.48%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 13:42
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-quayQuay
CVE-2020-14318
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.52% / 71.52%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 00:00
Updated-29 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

Action-Not Available
Vendor-n/aSambaRed Hat, Inc.
Product-storageenterprise_linuxsambasambastorageenterprise_linux
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-10354
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-1.65% / 73.58%
||
7 Day CHG~0.00%
Published-17 Jul, 2019 | 15:45
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

Action-Not Available
Vendor-Red Hat, Inc.Jenkins
Product-jenkinsopenshift_container_platformJenkins
CWE ID-CWE-862
Missing Authorization
CVE-2019-10159
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.72% / 49.23%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 13:53
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.

Action-Not Available
Vendor-Red Hat, Inc.
Product-cloudformscfme-gemsetcfme
CWE ID-CWE-285
Improper Authorization
CVE-2019-10357
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-1.21% / 64.81%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 12:45
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.

Action-Not Available
Vendor-Red Hat, Inc.Jenkins
Product-pipeline\openshift_container_platformJenkins Pipeline: Shared Groovy Libraries Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-35900
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 35.13%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 00:58
Updated-21 Oct, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft CorporationIBM Corporation
Product-robotic_process_automationrobotic_process_automation_as_a_serviceopenshiftwindowsrobotic_process_automation_for_cloud_pakRobotic Process Automation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-2813
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-2.57% / 83.24%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Red Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_eusenterprise_linux_server_ausopenstackoncommand_workflow_automationsnapcenterdebian_linuxmariadbenterprise_linux_workstationstorage_automation_storeenterprise_linux_server_tusoncommand_unified_managerenterprise_linux_desktopmysqloncommand_insightMySQL Server
CVE-2018-2588
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-3.44% / 87.50%
||
7 Day CHG-0.02%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxxp7_command_viewenterprise_linux_server_eusenterprise_linux_server_aussatellitejdkstruxureware_data_center_expertjrockitxp_command_viewdebian_linuxxp_p9000_command_viewjreenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopJava
CVE-2022-4245
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.69% / 48.41%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 19:20
Updated-10 Oct, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codehaus-plexus: xml external entity (xxe) injection

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

Action-Not Available
Vendor-codehaus-plexusRed Hat, Inc.
Product-integration_camel_kplexus-utilsRed Hat Software CollectionsA-MQ Clients 2Red Hat support for Spring BootRed Hat Process Automation 7Red Hat JBoss Fuse 7Red Hat A-MQ OnlineRed Hat JBoss Web Server 3Red Hat Enterprise Linux 9Red Hat Data Grid 8Red Hat JBoss Data Grid 7Red Hat build of Apache Camel for Spring BootRed Hat JBoss A-MQ 7Red Hat JBoss Fuse Service Works 6Red Hat OpenShift Application RuntimesRed Hat Enterprise Linux 8Red Hat Integration Service RegistryRed Hat Enterprise Linux 7Red Hat Integration Camel QuarkusRHPAM 7.13.1 asyncRed Hat JBoss Enterprise Application Platform Expansion PackRed Hat Integration Change Data CaptureRed Hat JBoss Enterprise Application Platform 7RHINT Camel-K-1.10.1Red Hat Decision Manager 7Red Hat JBoss Fuse 6Red Hat build of QuarkusRed Hat Single Sign-On 7Red Hat JBoss Web Server 5Red Hat JBoss Enterprise Application Platform 6
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-44141
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.10% / 61.56%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 00:00
Updated-04 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

Action-Not Available
Vendor-n/aSambaFedora ProjectRed Hat, Inc.
Product-storagefedorasambaSamba
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-3763
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.56% / 42.73%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 15:51
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-amq_brokerAMQ Broker
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-3393
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.19% / 64.06%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 13:46
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupRed Hat, Inc.
Product-postgresqlsoftware_collectionsenterprise_linuxpostgresql
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-20306
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.66% / 46.81%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 13:38
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-process_automationdescision_managerjbpmBusiness-central
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-31419
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 31.71%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 14:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cnv: information disclosure through the usage of vm-dump-metrics

An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Virtualization 4
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2022-30598
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-4.3||MEDIUM
EPSS-1.01% / 58.98%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 17:06
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.

Action-Not Available
Vendor-n/aMoodle Pty LtdRed Hat, Inc.Fedora Project
Product-enterprise_linuxfedoramoodlemoodle
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-0560
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.49% / 38.33%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:37
Updated-20 Nov, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions

A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.

Action-Not Available
Vendor-Red Hat, Inc.
Product-keycloak3scaleRed Hat 3scale API Management Platform 2
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2023-6121
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.66% / 73.73%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 14:45
Updated-12 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

Action-Not Available
Vendor-Siemens AGRed Hat, Inc.
Product-enterprise_linuxRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7SIPLUS S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM RST2428PSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familySCALANCE XCM-/XRM-/XCH-/XRH-300 familySIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-5868
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.77% / 84.60%
||
7 Day CHG~0.00%
Published-10 Dec, 2023 | 17:56
Updated-23 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Postgresql: memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Action-Not Available
Vendor-The PostgreSQL Global Development GroupRed Hat, Inc.
Product-enterprise_linux_for_ibm_z_systemsenterprise_linux_for_power_little_endian_euscodeready_linux_builder_euscodeready_linux_builder_for_power_little_endian_eusenterprise_linux_for_arm_64enterprise_linuxenterprise_linux_for_power_little_endianenterprise_linux_eusenterprise_linux_server_ausenterprise_linux_server_tuscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_for_arm64_eusenterprise_linux_for_ibm_z_systems_eussoftware_collectionspostgresqlcodeready_linux_builder_eus_for_power_little_endian_eusRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Software Collections for Red Hat Enterprise Linux 7Red Hat Advanced Cluster Security 4.2Red Hat Software CollectionsRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 8RHACS-4.1-RHEL-8RHACS-3.74-RHEL-8
CWE ID-CWE-686
Function Call With Incorrect Argument Type
CVE-2026-9087
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.31% / 22.96%
||
7 Day CHG+0.02%
Published-20 May, 2026 | 16:13
Updated-26 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login

A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6.3Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-9099
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.7||HIGH
EPSS-0.29% / 20.62%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:16
Updated-01 Jul, 2026 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: group-admin escalation to realm-admin

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker with management rights over a single low-privilege group can reparent a highly privileged group (such as one possessing the realm-admin role) under their managed group. Because group permissions follow a hierarchical structure, this action unauthorizedly grants the attacker management and password-reset capabilities over the members of the targeted privileged group. An attacker can exploit this to reset an administrator's password, compromise the account, and achieve a full realm takeover, leading to a complete compromise of confidentiality, integrity, and availability.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13Red Hat build of Keycloak 26.6.4Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13Red Hat build of Keycloak 26.6.4
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-5142
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 18.64%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:07
Updated-02 Jul, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments, potentially compromising sensitive information.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Satellite 6.18 for RHEL 9Red Hat Satellite 6.19 for RHEL 9Red Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6Red Hat Satellite 6.16 for RHEL 9Red Hat Satellite 6.16 for RHEL 8
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-5135
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.56%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:08
Updated-02 Jul, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foreman: foreman: unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Satellite 6.18 for RHEL 9Red Hat Satellite 6.19 for RHEL 9Red Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6Red Hat Satellite 6.16 for RHEL 9Red Hat Satellite 6.16 for RHEL 8
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-9799
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.17% / 6.23%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:17
Updated-01 Jul, 2026 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA) permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to all resources of that type within the same resource server, even if they do not have a ticket for those specific resources. This vulnerability requires the resource server to be configured in PERMISSIVE policy enforcement mode and affects typed resources with ownerManagedAccess enabled, where no explicit policy protects the resource type. The primary consequence is unauthorized information disclosure or modification of resources.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13Red Hat build of Keycloak 26.6.4
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-4630
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 10:28
Updated-03 Jun, 2026 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier (UUID) belonging to another Resource Server within the same realm, the client could bypass authorization checks. This allows the client to perform unauthorized GET, PUT, and DELETE operations on resources, leading to information disclosure and potential unauthorized modification or deletion of data.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4.12Red Hat build of Keycloak 26.4
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found