VDB
KO
HIGH 7.3

GHSA-32h4-44jj-c5vx

Keycloak has privilege escalation via improper scope mapping enforcement

Details

### Description A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user's authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm.

Are you affected?

Enter the version of the package you're using.

Affected packages

Maven / org.keycloak:keycloak-services
Introduced in: 0 Fixed in: 26.6.4
Fix # pom.xml: bump <version>26.6.4</version> for org.keycloak:keycloak-services

References