A flaw was found in the Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows disclosure of sensitive role metadata because of insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
GHSA-6q37-7866-h27j: Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
Keycloak Admin REST API vulnerability allows information disclosure of sensitive role metadata due to insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.