CVE-2024-10973

Published: 07 Nov 2024
Source: redhat
CVSS3: 5.7

Description

A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work, and the JGroups replication configuration is always used in plain text, which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.

Report

After evaluation of this vulnerability, Keycloak 22 and 24 are not affected. Red Hat currently only ships Red Hat Build of Keycloak 22 and 24.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Build of Keycloak | org.keycloak/keycloak-quarkus-server | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 8 | org.keycloak/keycloak-quarkus-server | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.keycloak/keycloak-quarkus-server | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-319
https://bugzilla.redhat.com/show_bug.cgi?id=2324361 keycloak: CLI option for encrypted JGroups ignored

5.7 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.7
nvd
about 1 year ago

A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work, and the JGroups replication configuration is always used in plain text, which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.

CVSS3: 5.7
debian
about 1 year ago

A vulnerability was found in Keycloak. The environment option `KC_CACH ...

CVSS3: 5.7
github
about 1 year ago

Keycloak on Quarkus CLI option for encrypted JGroups ignored