Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0

Executive Summary

This vulnerability is a flaw in the Keycloak Admin REST API that allows unauthorized disclosure of sensitive role metadata. It occurs because the /admin/realms/{realm}/roles endpoint does not properly enforce authorization checks, potentially exposing sensitive information about roles to users who should not have access.

Useful 0 Not Useful 0

Impact Analysis

The impact of this vulnerability is information disclosure of sensitive role metadata. This could allow an attacker or unauthorized user to gain insights into role configurations and permissions within Keycloak, potentially aiding further attacks or unauthorized access attempts. However, the vulnerability does not affect integrity or availability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to access the /admin/realms/{realm}/roles endpoint of the Keycloak Admin REST API with a user having the role_query-groups permission. If the user is able to retrieve the complete list of realm roles including sensitive metadata, the system is vulnerable. A possible command to test this is using curl with authentication to query the endpoint, for example: curl -H "Authorization: Bearer <token>" https://<keycloak-server>/admin/realms/<realm>/roles. If the response includes sensitive role metadata, the vulnerability is present. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the /admin/realms/{realm}/roles endpoint to only fully authorized users, reviewing and tightening the permissions assigned to users with the role_query-groups permission, and monitoring API access logs for suspicious activity. Additionally, applying any available patches or updates from Keycloak or your vendor addressing this vulnerability is recommended. [1]

Useful 0 Not Useful 0