CVE-2020-1758 vulnerability in Red Hat Products
Published on May 15, 2020
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.
Vulnerability Analysis
CVE-2020-1758 is exploitable with network access and requires user interaction. This vulnerability is considered to have a high level of attack complexity. A successful exploit is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Weakness Type
Improper Validation of Certificate with Host Mismatch
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
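As an added illustration (not Keycloak's code and not taken from this advisory), the same weakness class expressed with Python's smtplib: a TLS context that verifies the certificate chain but never checks the certificate name against the host that was dialled, beside one that does both, plus a small audit helper that flags the weak setting. The host and port are constructed placeholders.

```python
import smtplib
import ssl
from typing import List, Optional

# Constructed placeholder values; not from the advisory.
SMTP_HOST = "smtp.example.test"
SMTP_PORT = 587


def weak_context() -> ssl.SSLContext:
    """Pattern matching CWE-297: the chain is verified, but the leaf
    certificate's name is never compared to SMTP_HOST, so a valid
    certificate issued for any other name is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # hostname verification disabled
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain is still verified
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Verify the chain AND that the certificate matches SMTP_HOST.
    create_default_context() already sets check_hostname=True and
    verify_mode=CERT_REQUIRED; we only pin a TLS floor on top."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings a reviewer would raise for an SMTP TLS context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not verified (CWE-297)")
    return findings


def send_with_starttls(sender: str, recipient: str, body: str,
                       ctx: Optional[ssl.SSLContext] = None) -> None:
    """Deliver a message over STARTTLS. With the hardened context, a
    certificate whose name does not match SMTP_HOST makes starttls()
    raise ssl.SSLCertVerificationError instead of continuing."""
    ctx = ctx or hardened_context()
    with smtplib.SMTP(SMTP_HOST, SMTP_PORT, timeout=10) as smtp:
        smtp.starttls(context=ctx)
        smtp.sendmail(sender, recipient, body)
```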
Products Associated with CVE-2020-1758
Affected Versions
Red Hat Keycloak: Keycloak versions before 10.0.0 are affected by CVE-2020-1758
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.