CVE-2020-14359
Published: 23 February 2021
Summary
CVE-2020-14359 is a high-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Red Hat Louketo Proxy (formerly Keycloak Gatekeeper). Its CVSS base score is 7.3 (High).
Operationally, it ranks at the 49.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-1075
Vulnerability details
A vulnerability was found in all versions of Keycloak Gatekeeper: by sending HTTP headers in lower case (for example via cURL), an attacker can bypass the Gatekeeper's checks. Lower-case headers are also accepted by some web servers (e.g. Jetty). This means there is no protection when a Gatekeeper is placed in front of a Jetty server and lower-case headers are used.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.