CVE-2020-27838

MEDIUM NUCLEI

Keycloak < 13.0.0 - Unauthenticated Information Disclosure via Client Registration Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27838. PoCs published by Cappricio-Securities. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Python-based scanner for detecting CVE-2020-27838, a vulnerability in an unspecified target software. The tool checks for exposed endpoints and sensitive data (e.g., 'security-admin-console', 'secret') via HTTP requests. It includes features like Telegram notifications and output logging.

Description

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.

Exploits (1)

nomisec SCANNER 2 stars

by Cappricio-Securities · poc

https://github.com/Cappricio-Securities/CVE-2020-27838

View Code ZIP pw:eip

This repository contains a Python-based scanner for detecting CVE-2020-27838, a vulnerability in an unspecified target software. The tool checks for exposed endpoints and sensitive data (e.g., 'security-admin-console', 'secret') via HTTP requests. It includes features like Telegram notifications and output logging.

Classification

Scanner 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Unspecified (likely a web application with exposed admin endpoints)

No auth needed

Prerequisites: Network access to the target URL · Python 3.x environment

MITRE ATT&CK

T1592 - Gather Victim Host Information T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

KeyCloak - Information Exposure

MEDIUMby mchklt

Shodan: title:"keycloak" || http.title:"keycloak" || http.html:"keycloak" || http.favicon.hash:-1105083093

FOFA: title="keycloak" || icon_hash=-1105083093 || body="keycloak"

References (1)

Core 1

Core References

Issue Tracking, Vendor Advisory x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=1906797

Scores

CVSS v3 6.5

EPSS 0.1794

EPSS Percentile 96.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-287

Status published

Products (3)

org.keycloak/keycloak-core 0 - 13.0.0Maven

redhat/keycloak < 13.0.0

redhat/single_sign-on 7.0

Published Mar 08, 2021

Tracked Since Feb 18, 2026