CVE-2020-1731

CRITICAL

9.1

CVSS Severity Score

EPSS Score0.1750%

EPSS Percentile5.55th

PublishedMar 2, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.

Affected Platforms (CPE)

📦

Redhat

Keycloak Operator

< 8.0.2

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1731

Related Vulnerabilities

CVE-2026-4638910.0

UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Ident...

CVE-2019-101998.8

It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker co...

CVE-2026-75005.4

When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five end...

CVE-2020-676910.0

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker ...