How does CVE-2020-14359 affect Keycloak and is there a cause for concern?

https://nvd.nist.gov/vuln/detail/CVE-2020-14359

The information on this CVE seems quite limited. My interpretation of it is that I will only be affected if have configured Keycloak Gatekeeper?

Also saw this 1868591 – (CVE-2020-14359) CVE-2020-14359 keycloak: gatekeeper bypass via cURL when using lower case HTTP headers, that it has been closed as not a bug. Does this mean that this is a non-issue and it is not a security vulnerability?

2 Likes