What is CVE-2020-27838?

CVE-2020-27838 is a vulnerability in Keycloak, classified under Improper Authentication. Published 2021-03-08.

Is CVE-2020-27838 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Keycloak

CVE-2020-27838

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client chang…

Vulnerability class: Broken Authentication

EPSS: 0.851 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a Keycloak — versions keycloak 13.0.0

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

Cappricio-Securities/CVE-2020-27838
carlosalbertotuma/Keycloak-Sniper
j4k0m/godkiller
muneebaashiq/MBProjects

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-27838?: CVE-2020-27838 is a vulnerability in Keycloak, classified under Improper Authentication. Published 2021-03-08.
Is CVE-2020-27838 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.