CVE-2024-4540

Опубликовано: 03 июн. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request, possibly leading to an information disclosure vulnerability.

Ссылки

EPSS

Процентиль: 66%

0.00516

Низкий

7.5 High

CVSS3

Дефекты

CWE-200

Связанные уязвимости

CVE-2024-4540

CVSS3: 7.5

redhat

больше 1 года назад

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.

CVE-2024-4540

CVSS3: 7.5

debian

больше 1 года назад

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Request ...

GHSA-69fp-7c8p-crjr

CVSS3: 7.5

github

больше 1 года назад

Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)

BDU:2024-04939

CVSS3: 7.5

fstec

больше 1 года назад

Уязвимость механизма авторизации OAuth 2.0 Pushed Authorization Requests программного средства для управления идентификацией и доступом Keycloak, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 66%

0.00516

Низкий

7.5 High

CVSS3

Дефекты

CWE-200