Impact
A flaw in Keycloak Policy Enforcer enables any authenticated user to bypass all authorization checks, including role, scope, and User‑Managed Access permissions. By inserting the configured access‑denied page path into a request URL—as either a path segment or a query parameter—an attacker can trick the system into granting access to protected resources. The weakness, identified as CWE‑1025, results in unauthorized access and potential compromise of confidential or sensitive data within the application.
Affected Systems
The vulnerability affects the Red Hat Build of Keycloak. No specific product versions are listed in the available data, so it is currently unknown which exact releases contain the issue.
Risk and Exploitability
The CVSS score of 8.1 indicates a high‑severity flaw. While the EPSS score is not available, the known exploitation path—an authenticated user crafting a URL with the access‑denied path—suggests that exploitation is straightforward. The vulnerability is not listed in the CISA KEV catalog, but organizations using this product version should treat it as a critical risk until a patch is applied.
OpenCVE Enrichment