github - ghsa-gmrm-8fx4-66x7

ghsa-gmrm-8fx4-66x7

Vulnerability from github

Published

2024-06-18 12:30

Modified

2024-09-09 21:31

Severity

2.7 (Low) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials

Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-c25h-c27q-5qpv. This link is maintained to preserve external references.

Original Description

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "24.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-18T16:34:46Z",
    "nvd_published_at": "2024-06-18T12:15:12Z",
    "severity": "LOW"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-c25h-c27q-5qpv. This link is maintained to preserve external references.\n\n## Original Description\n\nA vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL\u00a0 independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin\u00a0access (permission manage-realm) to change the LDAP host URL (\"Connection URL\") to a machine they control. The Keycloak server will connect to the attacker\u0027s host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.",
  "id": "GHSA-gmrm-8fx4-66x7",
  "modified": "2024-09-09T21:31:22Z",
  "published": "2024-06-18T12:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5967"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6493"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6494"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6495"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6497"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6499"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6500"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6501"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-5967"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292200"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials",
  "withdrawn": "2024-06-21T15:51:43Z"
}

cve-2024-5967

Vulnerability from cvelistv5

Published

2024-06-18 12:05

Modified

2024-09-18 08:37

Severity

2.7 (Low) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

Keycloak: leak of configured ldap bind credentials through the keycloak admin console

References

URL	Tags
https://access.redhat.com/errata/RHSA-2024:6493	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6494	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6495	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6497	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6499	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6500	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6501	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-5967	vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2292200	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor	Product
Red Hat	Red Hat Build of Keycloak
Red Hat	Red Hat build of Keycloak 22
Red Hat	Red Hat build of Keycloak 22
Red Hat	Red Hat build of Keycloak 22
Red Hat	Red Hat Single Sign-On 7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9
Red Hat	RHEL-8 based Middleware Containers

Show details on NVD website