EUVD-2026-16309
GHSA-q35r-vvhv-vx5h
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4Description
A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.
Analysis
Keycloak's User-Managed Access (UMA) 2.0 Protection API fails to enforce role-based access control on the permission tickets endpoint, allowing any authenticated user with a resource server client token to enumerate all permission tickets regardless of authorization level. This information disclosure vulnerability affects Red Hat Build of Keycloak across multiple versions and requires valid authentication to exploit, posing a moderate risk to multi-tenant environments where ticket enumeration could expose sensitive access control data. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Debian
Bug #1088287| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| open | - | - |
Share
External POC / Exploit Code
Leaving vuln.today