Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-g6qq-c9f9-2772

Опубликовано: 05 фев. 2025
Источник: github
Github: Прошло ревью
CVSS3: 5.7

Описание

Keycloak on Quarkus CLI option for encrypted JGroups ignored

The env option KC_CACHE_EMBEDDED_MTLS_ENABLED does not work and the jgroups replication configuration is always used in plain. This option worked before in 24 and 22. More info in public issue https://github.com/keycloak/keycloak/issues/34644.

Ссылки

Пакеты

Наименование

org.keycloak:keycloak-quarkus-server

maven
Затронутые версииВерсия исправления

>= 25.0.0, < 26.0.6

26.0.6

EPSS

Процентиль: 5%
0.00022
Низкий

5.7 Medium

CVSS3

CVE ID

CVE-2024-10973

Дефекты

CWE-319

Связанные уязвимости

redhat логотип

CVE-2024-10973

CVSS3: 5.7
redhat
больше 1 года назад

A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.

nvd логотип

CVE-2024-10973

CVSS3: 5.7
nvd
около 1 года назад

A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.

debian логотип

CVE-2024-10973

CVSS3: 5.7
debian
около 1 года назад

A vulnerability was found in Keycloak. The environment option `KC_CACH ...

EPSS

Процентиль: 5%
0.00022
Низкий

5.7 Medium

CVSS3

CVE ID

CVE-2024-10973

Дефекты

CWE-319