A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat build of Keycloak 26 | RedHat | keycloak-services | * |
Red Hat build of Keycloak 26.2 | RedHat | rhbk/keycloak-operator-bundle:26.2.6-1 | * |
Red Hat build of Keycloak 26.2 | RedHat | rhbk/keycloak-rhel9:26.2-6 | * |
Red Hat build of Keycloak 26.2 | RedHat | rhbk/keycloak-rhel9-operator:26.2-6 | * |