A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. Although exploiting it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.
Credits
Red Hat would like to thank Ibrahim Khorwat (Almadar Aljadid) and Murad Baggas (Almadar Aljadid) for reporting this issue.