Thanks to visit codestin.com
Credit goes to github.com

Skip to content

CVE-2025-5416 keycloak-core: Keycloak Environment Information #45776

New issue
New issue
Closed
cve
#45903
Closed
CVE-2025-5416 keycloak-core: Keycloak Environment Information#45776
cve
#45903
Assignees
rmartinc
Labels
kind/cveIssues identified as CVEs on third-party dependencies, or issues which Keycloak is not affectedpriority/importantMust be worked on very soonrelease/26.5.4release/26.6.0team/core-clients
@rmartinc

Description

@rmartinc
rmartinc
opened on Jan 27, 2026

Description

Source:

https://bugzilla.redhat.com/show_bug.cgi?id=2369601
https://issues.redhat.com/browse/SSE-177

An information disclosure vulnerability has been identified in Red Hat build of Keycloak . The /admin/serverinfo endpoint contains internal server details and returns a 401 Unauthorized error when an authenticated user attempts to access it directly.

However, the vulnerability occurs when an authenticated user logs into the system or accesses the admin console. The user's browser automatically sends a request to the /admin/serverinfo endpoint. includes sensitive server information. This response can be captured and viewed using browser developer tools or an HTTP proxy, thereby allowing any authenticated user to unintentionally access these internal server details.

Metadata

Metadata

Assignees

Labels

kind/cveIssues identified as CVEs on third-party dependencies, or issues which Keycloak is not affectedpriority/importantMust be worked on very soonrelease/26.5.4release/26.6.0team/core-clients

Type

cve

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions