{"id":"CVE-2019-14820","details":"It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.","aliases":["GHSA-xfqh-7356-vqjj"],"modified":"2026-05-15T12:03:35.141340082Z","published":"2020-01-08T15:15:11.260Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*","cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"6.4.0"},{"last_affected":"7.2.0"}],"source":"CPE_FIELD","vendor_product":"redhat:jboss_enterprise_application_platform"},{"cpes":["cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0.0"}],"source":"CPE_FIELD","vendor_product":"redhat:jboss_fuse"},{"cpes":["cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.3"}],"source":"CPE_FIELD","vendor_product":"redhat:single_sign-on"}]},"references":[{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}