Skip to main content

Authorization Bypass Through User-Controlled Key


Severity High
Score 9.8/10


A privilege escalation flaw was found in the token exchange feature of keycloak before 18.0.0. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the "client_id" of the target. This could allow a client to gain unauthorized access to additional services.

  • LOW
  • HIGH
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-639 - Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Advisory Timeline

  • Published