CVE-2024-4028

Published: 18 Feb 2025
Source: redhat
CVSS3: 3.8

Description

A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.

Statement

Red Hat rates this as Low impact, since exploiting it requires a pre-existing, highly privileged administrator account to perform the operation.

Mitigation

Currently there is no mitigation available for this vulnerability.

Affected packages

Platform                    | Package          | State        | Errata | Release
Red Hat Build of Keycloak   | keycloak-core    | Not affected |        |
Red Hat Single Sign-On 7    | rh-sso7-keycloak | Fix deferred |        |


Additional information

Status: Low
Weakness: CWE-20
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2276418
keycloak-core: Stored XSS in Keycloak when creating items in Admin Console


Related vulnerabilities

CVSS3: 3.8
nvd
12 months ago

A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.

CVSS3: 3.8
debian
12 months ago

A vulnerability was found in Keycloak. This issue may allow a privileg ...

CVSS3: 3.8
github
12 months ago

Keycloak allows cross-site scripting (XSS)
