Vulnerability Details : CVE-2020-1714

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

Vulnerability category: Input validationExecute code

Published 2020-05-13 19:15:12

Updated 2021-10-19 14:15:07

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-1714

Probability of exploitation activity in the next 30 days: 0.39%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-1714

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.6	5.9	secalert@redhat.com
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-1714

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2020-1714

https://github.com/keycloak/keycloak/pull/7053

[Keycloak-10162] Usage of ObjectInputStream without checking the object types by douglaspalmer · Pull Request #7053 · keycloak/keycloak · GitHub
Patch;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714

1705975 – (CVE-2020-1714) CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution
Issue Tracking;Vendor Advisory

Products affected by CVE-2020-1714

Redhat » Jboss Fuse » Version: 7.0.0
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
Matching versions
Redhat » Keycloak
Versions before (<) 11.0.0
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
Matching versions
Redhat » Decision Manager » Version: 7.0
cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Single Sign-on » Version: 7.0
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Application Runtimes » Version: N/A
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
Matching versions
Redhat » Process Automation » Version: 7.0
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
Matching versions
Quarkus » Quarkus
Versions up to, including, (<=) 1.4.2
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
Matching versions