VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-th5p-51pd-3ffg

Essentials
Severities (21)
References (10)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-th5p-51pd-3ffg
Aliases	CVE-2020-14389 GHSA-c9x9-xv66-xp3v
Summary	Improper privilege management in Keycloak A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-269	Improper Privilege Management
CWE-916	Use of Password Hash With Insufficient Computational Effort
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	8.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json
cvssv3.1	8.1	https://access.redhat.com/security/cve/cve-2020-14389
generic_textual	HIGH	https://access.redhat.com/security/cve/cve-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
epss	0.00148	https://api.first.org/data/v1/epss?cve=CVE-2020-14389
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-c9x9-xv66-xp3v
cvssv3.1	8.1	https://nvd.nist.gov/vuln/detail/CVE-2020-14389
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2020-14389

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json
		https://access.redhat.com/security/cve/cve-2020-14389
		https://api.first.org/data/v1/epss?cve=CVE-2020-14389
		https://nvd.nist.gov/vuln/detail/CVE-2020-14389
1875843		https://bugzilla.redhat.com/show_bug.cgi?id=1875843
GHSA-c9x9-xv66-xp3v		https://github.com/advisories/GHSA-c9x9-xv66-xp3v
RHSA-2020:4929		https://access.redhat.com/errata/RHSA-2020:4929
RHSA-2020:4930		https://access.redhat.com/errata/RHSA-2020:4930
RHSA-2020:4931		https://access.redhat.com/errata/RHSA-2020:4931
RHSA-2020:4932		https://access.redhat.com/errata/RHSA-2020:4932

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/security/cve/cve-2020-14389

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14389

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.35177
EPSS Score	0.00148
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:02:08.749742+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-c9x9-xv66-xp3v/GHSA-c9x9-xv66-xp3v.json	38.0.0