exploitDog

CVE-2024-10270

Published: 21 Nov 2024
Source: redhat
CVSS3: 6.5

Description

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.

Report

Red Hat Enterprise Application Platform 8 does not ship or provide the affected component, and so is not affected by this flaw.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat JBoss Enterprise Application Platform 8 | org.keycloak/keycloak-services | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.keycloak/keycloak-services | Not affected | | |
| Red Hat Single Sign-On 7 | org.keycloak/keycloak-services | Out of support scope | | |
| Red Hat build of Keycloak 24 | rhbk/keycloak-operator-bundle | Fixed | RHSA-2024:10175 | 21.11.2024 |
| Red Hat build of Keycloak 24 | rhbk/keycloak-rhel9 | Fixed | RHSA-2024:10175 | 21.11.2024 |
| Red Hat build of Keycloak 24 | rhbk/keycloak-rhel9-operator | Fixed | RHSA-2024:10175 | 21.11.2024 |
| Red Hat build of Keycloak 24.0.9 | org.keycloak/keycloak-services | Fixed | RHSA-2024:10176 | 21.11.2024 |
| Red Hat build of Keycloak 26.0 | rhbk/keycloak-operator-bundle | Fixed | RHSA-2024:10177 | 21.11.2024 |
| Red Hat build of Keycloak 26.0 | rhbk/keycloak-rhel9 | Fixed | RHSA-2024:10177 | 21.11.2024 |
| Red Hat build of Keycloak 26.0 | rhbk/keycloak-rhel9-operator | Fixed | RHSA-2024:10177 | 21.11.2024 |

Additional information

Status: Moderate
Weakness: CWE-1333
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2321214 (org.keycloak:keycloak-services: Keycloak Denial of Service)

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
nvd
about 1 year ago

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.

CVSS3: 6.5
debian
about 1 year ago

A vulnerability was found in the Keycloak-services package. If untrust ...

CVSS3: 6.5
github
about 1 year ago

org.keycloak:keycloak-services has Inefficient Regular Expression Complexity

CVSS3: 6.5
fstec
more than 1 year ago

A vulnerability in the SearchQueryUtils function of the Keycloak identity and access management software that allows an attacker to cause a denial of service
