Vendor
OpenRemote is vulnerable to privilege escalation, allowing an attacker with write:admin privileges in one Keycloak realm to gain administrator access to the master realm by manipulating Keycloak realm roles due to missing authorization checks in the updateUserRealmRoles function.