Описание
A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous fix for CVE-2024-10492 did not account for the Windows file separator (). As a result, a high-privilege administrator could probe for the existence of files outside the expected realm context through crafted vault secret lookups. This is a platform-specific variant/incomplete fix of CVE-2024-10492.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Дополнительная информация
Статус:
2.7 Low
CVSS3
Связанные уязвимости
Rejected reason: Considered by the maintainers a bug scenario experienced rather than a vulnerability.
A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous fix for CVE-2024-10492 did not account for the Windows file separator (\). As a result, a high-privilege administrator could probe for the existence of files outside the expected realm context through crafted vault secret lookups. This is a platform-specific variant/incomplete fix of CVE-2024-10492.
2.7 Low
CVSS3