GHSA-p5q4-94mg-325pHighCVSS 7.2
A flaw was found in Keycloak. A limited administrator can exploit an improper access control...
🔗 CVE IDs covered (1)
📋 Description
A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions (FGAP) and escalate their privileges to a full realm administrator by importing users with realm-admin role mappings.