Vulnerabilities related to Red Hat - Red Hat build of Keycloak 26.0
cve-2024-10492
Vulnerability from cvelistv5
Published
2024-11-25 07:37
Modified
2025-02-27 04:09
Summary
A vulnerability was found in Keycloak (CWE-73, external control of file name or path). A user who already holds high privileges on the Keycloak server — enough to create resources such as an LDAP provider configuration — can configure a vault-sourced value that points at a file outside the vault's expected location. The vault lookup does not return the file's contents; it only reveals whether the referenced file exists, so the impact is limited to a file-existence oracle on the server's filesystem. Upstream Keycloak versions prior to 26.0.6 are affected.
References
URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:10175 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10176 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10177 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10178 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-10492 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2322447 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version |
---|---|---|
keycloak (upstream, github.com/keycloak/keycloak) | keycloak | 0 ≤ version < 26.0.6 (affected) |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-10492", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T17:03:29.760705Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-25T17:03:38.702Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/keycloak/keycloak", defaultStatus: "unaffected", packageName: "keycloak", versions: [ { lessThan: "26.0.6", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24.0.9-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24-18", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24-18", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:24", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat build of Keycloak 24.0.9", vendor: 
"Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0.6-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-5", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:26", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat build of Keycloak 26.0.6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:8", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat JBoss Enterprise Application Platform 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jbosseapxp", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat JBoss Enterprise Application Platform Expansion Pack", vendor: "Red Hat", }, { collectionURL: 
"https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:red_hat_single_sign_on:7", ], defaultStatus: "unknown", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat Single Sign-On 7", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Brahim Raddahi (is4u.be) for reporting this issue.", }, ], datePublic: "2024-11-21T16:56:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Low", }, type: "Red Hat severity rating", }, }, { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-73", description: "External Control of File Name or Path", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-27T04:09:36.164Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10175", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10175", }, { name: "RHSA-2024:10176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10176", }, { name: "RHSA-2024:10177", tags: [ 
"vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10177", }, { name: "RHSA-2024:10178", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10178", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-10492", }, { name: "RHBZ#2322447", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2322447", }, ], timeline: [ { lang: "en", time: "2024-10-29T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-11-21T16:56:00+00:00", value: "Made public.", }, ], title: "Keycloak-quarkus-server: keycloak path trasversal", x_redhatCweChain: "CWE-73: External Control of File Name or Path", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-10492", datePublished: "2024-11-25T07:37:30.572Z", dateReserved: "2024-10-29T13:07:47.731Z", dateUpdated: "2025-02-27T04:09:36.164Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11734
Vulnerability from cvelistv5
Published
2025-01-14 08:35
Modified
2025-03-19 14:52
Summary
A denial of service vulnerability was found in Keycloak. An administrative user with permission to change realm settings can insert newline characters into any of the realm's configurable security header values. When Keycloak later emits those headers, the server ends up writing to a request that has already been terminated, and that request fails — which amounts to a denial of service for requests served with the tampered headers rather than a one-off error. Upstream Keycloak versions prior to 26.0.8 are affected.
References
URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2025:0299 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2025:0300 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-11734 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2328846 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version |
---|---|---|
keycloak (upstream, github.com/keycloak/keycloak) | keycloak | 0 ≤ version < 26.0.8 (affected) |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11734", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T14:44:48.268163Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T14:44:59.365Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/keycloak/keycloak", defaultStatus: "unaffected", packageName: "keycloak", versions: [ { lessThan: "26.0.8", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0.8-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-7", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "RHBK 26.0.8", vendor: "Red 
Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:8", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat JBoss Enterprise Application Platform 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jbosseapxp", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat JBoss Enterprise Application Platform Expansion Pack", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Chase Bowman (Contract Security) for reporting this issue.", }, ], datePublic: "2025-01-13T12:22:00.000Z", descriptions: [ { lang: "en", value: "A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. 
This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T14:52:05.242Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:0299", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0299", }, { name: "RHSA-2025:0300", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0300", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-11734", }, { name: "RHBZ#2328846", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2328846", }, ], timeline: [ { lang: "en", time: "2024-11-26T03:54:23.151000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-01-13T12:22:00+00:00", value: "Made public.", }, ], title: "Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat 
Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-693: Protection Mechanism Failure", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-11734", datePublished: "2025-01-14T08:35:42.107Z", dateReserved: "2024-11-26T03:57:37.921Z", dateUpdated: "2025-03-19T14:52:05.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-0604
Vulnerability from cvelistv5
Published
2025-01-22 14:34
Modified
2025-03-14 08:08
Summary
A flaw was found in Keycloak's LDAP user federation (keycloak-ldap-federation). When a user backed by Active Directory resets their password, Keycloak updates the password without performing an LDAP bind with the new credentials to confirm that AD actually accepts the account. As a result, a user whose AD account is expired or disabled can regain access through Keycloak, bypassing the restriction enforced in AD — an authentication bypass (CWE-287) that may permit unauthorized access under those conditions. Upstream versions prior to 26.0.10 and prior to 26.1.3 are affected.
References
URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2025:2544 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2025:2545 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2025-0604 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2338993 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version |
---|---|---|
keycloak (upstream, github.com/keycloak/keycloak) | keycloak-ldap-federation | 0 ≤ version < 26.0.10 (affected); 0 ≤ version < 26.1.3 (affected) |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0604", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T15:05:55.294057Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-22T15:06:01.864Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/keycloak/keycloak", defaultStatus: "unaffected", packageName: "keycloak-ldap-federation", versions: [ { lessThan: "26.0.10", status: "affected", version: "0", versionType: "semver", }, { lessThan: "26.1.3", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:26", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-ldap-federation", product: "Red Hat Build of Keycloak", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0.10-3", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-11", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 
26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:red_hat_single_sign_on:7", ], defaultStatus: "affected", packageName: "org.keycloak/keycloak-ldap-federation", product: "Red Hat Single Sign-On 7", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Dwayne Du for reporting this issue.", }, ], datePublic: "2025-01-20T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "Improper Authentication", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T08:08:29.729Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2544", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2544", }, { name: "RHSA-2025:2545", tags: [ 
"vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2545", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-0604", }, { name: "RHBZ#2338993", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2338993", }, ], timeline: [ { lang: "en", time: "2025-01-20T11:30:22.389000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-01-20T00:00:00+00:00", value: "Made public.", }, ], title: "Keycloak-ldap-federation: authentication bypass due to missing ldap bind after password reset in keycloak", x_redhatCweChain: "CWE-287: Improper Authentication", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-0604", datePublished: "2025-01-22T14:34:45.923Z", dateReserved: "2025-01-20T11:35:33.280Z", dateUpdated: "2025-03-14T08:08:29.729Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-10451
Vulnerability from cvelistv5
Published
2024-11-25 07:37
Modified
2024-11-27 20:51
Summary
A flaw was found in Keycloak. Sensitive runtime values, such as passwords, that are present during the Keycloak build process may be captured and embedded as default values in the generated bytecode, leading to unintended information disclosure (CWE-798, use of hard-coded credentials). In Keycloak 26, sensitive data passed directly through environment variables during the build is also stored as a default value, making it accessible at runtime. Indirect use of environment variables for SPI options and Quarkus properties is affected as well, because the PropertyMapper logic expands them unconditionally, so sensitive data is captured as default values in all Keycloak versions up to 26.0.2. Practitioners should treat any secret that was available in the environment of an affected build as potentially exposed in the resulting build artifact and rotate it after upgrading.
References
URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:10175 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10176 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10177 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10178 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-10451 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2322096 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version |
---|---|---|
Red Hat | Red Hat build of Keycloak 24 |
Unaffected: 24.0.9-1 < * cpe:/a:redhat:build_keycloak:24::el9 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-10451", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T16:00:10.921097Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-25T16:00:38.099Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24.0.9-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24-18", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24-18", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:24", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat build of Keycloak 24.0.9", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", 
product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0.6-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-5", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:26", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat build of Keycloak 26.0.6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:8", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat JBoss Enterprise Application Platform 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:red_hat_single_sign_on:7", ], defaultStatus: "unknown", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat Single Sign-On 7", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Steven Hawkins for reporting this issue.", }, ], datePublic: "2024-11-21T16:55:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in Keycloak. 
This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as a default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-798", description: "Use of Hard-coded Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-27T20:51:51.757Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10175", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10175", }, { name: "RHSA-2024:10176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10176", }, { name: "RHSA-2024:10177", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10177", }, { name: "RHSA-2024:10178", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10178", }, 
{ tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-10451", }, { name: "RHBZ#2322096", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2322096", }, ], timeline: [ { lang: "en", time: "2024-10-28T07:27:41.800000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-11-21T16:55:00+00:00", value: "Made public.", }, ], title: "Org.keycloak:keycloak-quarkus-server: sensitive data exposure in keycloak build process", x_redhatCweChain: "CWE-798: Use of Hard-coded Credentials", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-10451", datePublished: "2024-11-25T07:37:05.161Z", dateReserved: "2024-10-28T07:34:31.748Z", dateUpdated: "2024-11-27T20:51:51.757Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-10270
Vulnerability from cvelistv5
Published
2024-11-25 07:37
Modified
2025-02-27 03:22
Summary
A vulnerability was found in the Keycloak-services package (org.keycloak/keycloak-services). If untrusted data reaches the SearchQueryUtils method, a regular expression whose matching cost grows super-linearly with the input can be driven into excessive backtracking, exhausting system resources and causing a denial of service (ReDoS). Upstream Keycloak versions before 24.0.9, and versions from 25.0.0 up to but not including 26.0.6, are affected.
References
URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:10175 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10176 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10177 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10178 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-10270 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2321214 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version |
---|---|---|
keycloak (upstream, github.com/keycloak/keycloak) | keycloak | 0 ≤ version < 24.0.9 (affected); 25.0.0 ≤ version < 26.0.6 (affected) |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-10270", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T17:15:02.524794Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-25T17:15:57.082Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/keycloak/keycloak", defaultStatus: "unaffected", packageName: "keycloak", versions: [ { lessThan: "24.0.9", status: "affected", version: "0", versionType: "semver", }, { lessThan: "26.0.6", status: "affected", version: "25.0.0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24.0.9-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24-18", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24-18", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:24", ], defaultStatus: "unaffected", packageName: 
"org.keycloak/keycloak-services", product: "Red Hat build of Keycloak 24.0.9", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0.6-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-5", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:26", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-services", product: "Red Hat build of Keycloak 26.0.6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:8", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-services", product: "Red Hat JBoss Enterprise Application Platform 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jbosseapxp", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-services", product: "Red Hat JBoss Enterprise Application Platform 
Expansion Pack", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:red_hat_single_sign_on:7", ], defaultStatus: "unknown", packageName: "org.keycloak/keycloak-services", product: "Red Hat Single Sign-On 7", vendor: "Red Hat", }, ], datePublic: "2024-11-21T16:54:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-27T03:22:42.110Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10175", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10175", }, { name: "RHSA-2024:10176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10176", }, { name: "RHSA-2024:10177", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10177", }, { name: "RHSA-2024:10178", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHSA-2024:10178", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-10270", }, { name: "RHBZ#2321214", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2321214", }, ], timeline: [ { lang: "en", time: "2024-10-23T01:51:45.483000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-11-21T16:54:00+00:00", value: "Made public.", }, ], title: "Org.keycloak:keycloak-services: keycloak denial of service", x_redhatCweChain: "CWE-1333: Inefficient Regular Expression Complexity", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-10270", datePublished: "2024-11-25T07:37:04.542Z", dateReserved: "2024-10-23T02:00:58.671Z", dateUpdated: "2025-02-27T03:22:42.110Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1391
Vulnerability from cvelistv5
Published
2025-02-17 14:01
Modified
2025-03-15 09:19
Severity: Moderate (Red Hat rating); CVSS v3.1 base score 5.4 (MEDIUM)
Summary
A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2025:2544 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2025:2545 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2025-1391 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2346082 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version |
---|---|---|
Version: 26.0.0 ≤ version < 26.0.10 (keycloak-services, semver; unaffected in 26.0.10 and later) |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1391", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T17:17:45.272663Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T19:29:44.943Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/keycloak/keycloak", defaultStatus: "unaffected", packageName: "keycloak-services", versions: [ { lessThan: "26.0.10", status: "affected", version: "26.0.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:26", ], defaultStatus: "unaffected", packageName: "keycloak-services", product: "Red Hat Build of Keycloak", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0.10-3", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-11", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-12", 
versionType: "rpm", }, ], }, ], datePublic: "2025-02-17T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-15T09:19:00.448Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2544", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2544", }, { name: "RHSA-2025:2545", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2545", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-1391", }, { name: "RHBZ#2346082", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2346082", }, ], timeline: [ { lang: "en", time: "2025-02-17T07:46:40.184000+00:00", value: 
"Reported to Red Hat.", }, { lang: "en", time: "2025-02-17T00:00:00+00:00", value: "Made public.", }, ], title: "Keycloak-services: improper authorization in keycloak organization mapper allows unauthorized organization claims", x_redhatCweChain: "CWE-284: Improper Access Control", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-1391", datePublished: "2025-02-17T14:01:35.354Z", dateReserved: "2025-02-17T08:56:42.702Z", dateUpdated: "2025-03-15T09:19:00.448Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9666
Vulnerability from cvelistv5
Published
2024-11-25 07:29
Modified
2025-01-28 09:33
Severity: Low (Red Hat rating); CVSS v3.1 base score 4.7 (MEDIUM)
Summary
A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service.
The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:10175 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10176 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10177 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:10178 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-9666 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2317440 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version |
---|---|---|
Version: 0 ≤ version < 24.0.9; 25.0.0 ≤ version < 26.0.6 (keycloak, semver) |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9666", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T17:14:55.721958Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-25T17:15:56.948Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/keycloak/keycloak", defaultStatus: "unaffected", packageName: "keycloak", versions: [ { lessThan: "24.0.9", status: "affected", version: "0", versionType: "semver", }, { lessThan: "26.0.6", status: "affected", version: "25.0.0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24.0.9-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24-18", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:24::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 24", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "24-18", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:24", ], defaultStatus: "unaffected", packageName: 
"org.keycloak/keycloak-quarkus-server", product: "Red Hat build of Keycloak 24.0.9", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0.6-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-5", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:26", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat build of Keycloak 26.0.6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:8", ], defaultStatus: "affected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat JBoss Enterprise Application Platform 8", vendor: "Red Hat", }, ], datePublic: "2024-11-21T16:45:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in the Keycloak Server. 
The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service.\nThe attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Low", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-444", description: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T09:33:51.117Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10175", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10175", }, { name: "RHSA-2024:10176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10176", }, { name: "RHSA-2024:10177", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10177", }, { name: "RHSA-2024:10178", tags: [ "vendor-advisory", 
"x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10178", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-9666", }, { name: "RHBZ#2317440", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2317440", }, ], timeline: [ { lang: "en", time: "2024-10-08T22:25:08.077000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-11-21T16:45:00+00:00", value: "Made public.", }, ], title: "Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability", x_redhatCweChain: "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-9666", datePublished: "2024-11-25T07:29:52.073Z", dateReserved: "2024-10-08T22:36:23.598Z", dateUpdated: "2025-01-28T09:33:51.117Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11736
Vulnerability from cvelistv5
Published
2025-01-14 08:36
Modified
2025-03-19 14:52
Severity: Moderate (Red Hat rating); CVSS v3.1 base score 4.9 (MEDIUM)
Summary
A vulnerability was found in Keycloak. Admin users may be able to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2025:0299 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2025:0300 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-11736 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2328850 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version |
---|---|---|
Version: 0 ≤ version < 26.0.8 (keycloak, semver; unaffected in 26.0.8 and later) |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11736", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T14:44:22.849777Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T14:44:36.417Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/keycloak/keycloak", defaultStatus: "unaffected", packageName: "keycloak", versions: [ { lessThan: "26.0.8", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0.8-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-7", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 26.0", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "26.0-8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:26.0", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "RHBK 26.0.8", vendor: "Red 
Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:8", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat JBoss Enterprise Application Platform 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jbosseapxp", ], defaultStatus: "unaffected", packageName: "org.keycloak/keycloak-quarkus-server", product: "Red Hat JBoss Enterprise Application Platform Expansion Pack", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Steven Hawkins (Red Hat).", }, ], datePublic: "2025-01-13T13:24:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. 
The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-526", description: "Cleartext Storage of Sensitive Information in an Environment Variable", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T14:52:27.254Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:0299", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0299", }, { name: "RHSA-2025:0300", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0300", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-11736", }, { name: "RHBZ#2328850", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2328850", }, ], timeline: [ { lang: "en", time: "2024-11-26T04:20:40.657000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-01-13T13:24:00+00:00", value: "Made public.", }, ], title: "Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of 
use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-11736", datePublished: "2025-01-14T08:36:08.583Z", dateReserved: "2024-11-26T04:36:51.824Z", dateUpdated: "2025-03-19T14:52:27.254Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }