Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-4540

Опубликовано: 03 июн. 2024
Источник: debian

Описание

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
keycloakitppackage

Связанные уязвимости

redhat логотип

CVE-2024-4540

CVSS3: 7.5
redhat
больше 1 года назад

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.

nvd логотип

CVE-2024-4540

CVSS3: 7.5
nvd
больше 1 года назад

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.

github логотип

GHSA-69fp-7c8p-crjr

CVSS3: 7.5
github
больше 1 года назад

Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)

fstec логотип

BDU:2024-04939

CVSS3: 7.5
fstec
больше 1 года назад

Уязвимость механизма авторизации OAuth 2.0 Pushed Authorization Requests программного средства для управления идентификацией и доступом Keycloak, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации