ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file that is available as a resource to the classloader. By sending requests for theme resources that contain a relative path from an external HTTP client, the client can receive the contents of arbitrary classpath files if they are available.
The product makes files or directories accessible to unauthorized actors, even though they should not be.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
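The description above boils down to a missing neutralization step: a client-supplied relative path is concatenated onto a resource prefix and handed straight to the classloader. The following is an added example, not Keycloak's own code, of the check a theme resource provider needs before calling the classloader. The class name, the method names and the `theme/base/resources/` prefix are assumptions made for illustration; the traversal samples in `main` are constructed inputs.

```java
import java.io.InputStream;
import java.nio.file.Paths;

/**
 * Added example (not Keycloak's code): a classpath-backed theme resource lookup
 * that refuses any path which could escape the resource prefix.
 * RESOURCE_ROOT and all names here are assumptions for illustration.
 */
public final class SafeThemeResourceLoader {

    // Assumed prefix under which theme resources live on the classpath.
    private static final String RESOURCE_ROOT = "theme/base/resources/";

    private SafeThemeResourceLoader() {}

    /**
     * Returns true only if the client-supplied path is a plain relative path:
     * no absolute prefix, no scheme, no backslashes or NUL, and no "." / ".." /
     * empty segments. This is the "neutralize special elements" step (CWE-22).
     */
    public static boolean isSafeRelativePath(String requested) {
        if (requested == null || requested.isEmpty()) {
            return false;
        }
        // Characters that can change how the name is interpreted downstream.
        if (requested.indexOf('\0') >= 0 || requested.indexOf('\\') >= 0) {
            return false;
        }
        // Absolute paths and anything that looks like a URL scheme.
        if (requested.startsWith("/") || requested.contains(":")) {
            return false;
        }
        // Every segment must be a real name, so "a//b", "./x" and "../x" are all refused.
        for (String segment : requested.split("/", -1)) {
            if (segment.isEmpty() || segment.equals(".") || segment.equals("..")) {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds the classloader resource name, or returns null when the request
     * must be refused. Normalizes and re-checks the prefix as defense in depth.
     */
    public static String toResourceName(String requested) {
        if (!isSafeRelativePath(requested)) {
            return null;
        }
        String candidate = RESOURCE_ROOT + requested;
        String normalized = Paths.get(candidate).normalize().toString().replace('\\', '/');
        return normalized.startsWith(RESOURCE_ROOT) ? normalized : null;
    }

    /** Vulnerable shape, shown for contrast: raw concatenation straight into the classloader. */
    public static InputStream loadUnchecked(ClassLoader cl, String requested) {
        return cl.getResourceAsStream(RESOURCE_ROOT + requested);
    }

    /** Hardened shape: only a validated, normalized name ever reaches the classloader. */
    public static InputStream loadChecked(ClassLoader cl, String requested) {
        String name = toResourceName(requested);
        return name == null ? null : cl.getResourceAsStream(name);
    }

    public static void main(String[] args) {
        // Constructed sample requests: one legitimate, the rest malformed or traversing.
        String[] samples = {
            "img/logo.png",
            "css/../../secret.properties",
            "/etc/hostname",
            "css//styles.css",
            "file:x"
        };
        for (String sample : samples) {
            String name = toResourceName(sample);
            System.out.printf("%-32s -> %s%n", sample,
                name == null ? "REJECTED" : "allowed as " + name);
        }
    }
}
```

Running `main` shows only `img/logo.png` being accepted (as `theme/base/resources/img/logo.png`); the segment check refuses the traversal and the double slash before normalization ever runs, and the prefix re-check after `normalize()` catches anything the segment rules might have missed. In a request handler the same logic should also be applied to the theme name itself, since it is used to build the prefix.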
| Link | Tags |
|---|---|
| https://issues.redhat.com/browse/KEYCLOAK-19422 | Permissions Required, Vendor Advisory |
| https://github.com/keycloak/keycloak/pull/8588 | Third Party Advisory, Patch |
| https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743 | Third Party Advisory, Patch |
| https://bugzilla.redhat.com/show_bug.cgi?id=2010164 | Issue Tracking, Vendor Advisory |
| https://access.redhat.com/security/cve/CVE-2021-3856 | Vendor Advisory |