CVE-2024-10492


Date: November 25, 2024

A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that lies outside the expected context. The attacker must already hold high-level access to the Keycloak server in order to create resources, for example an LDAP provider configuration that references a Vault file to be read; the read only reveals whether that file exists or not.

Language: Java

Severity Score

Weakness Type (CWE)

External Control of File Name or Path

CWE-73
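The weakness class named above (CWE-73: a file name or path under external control) is illustrated below with a small file-backed vault resolver. This is an added example written for this page, not Keycloak's own code: the ${vault.key} reference syntax, the one-file-per-key layout under a vault directory, and the class and method names are assumptions. It contrasts an unchecked lookup, which builds a path straight from the configured key and therefore answers "exists / does not exist" for any file the server process can see, with a confined lookup that rejects keys that are not plain identifiers and additionally verifies that the resolved path (symlinks included) stays inside the vault directory.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Hypothetical file-backed vault resolver (added example, not Keycloak code).
 * A secret referenced as ${vault.<key>} is read from <vaultDir>/<key>.
 */
public final class FileVaultResolver {
    // Assumed reference syntax: ${vault.<key>}
    private static final Pattern REF = Pattern.compile("^\\$\\{vault\\.(.+)\\}$");
    // Allow-list for keys: must start with a letter or digit, so "." and ".." and
    // anything containing a path separator can never match.
    private static final Pattern SAFE_KEY = Pattern.compile("^[A-Za-z0-9][A-Za-z0-9_.-]{0,127}$");

    private final Path vaultDir;

    public FileVaultResolver(Path vaultDir) throws IOException {
        // Canonicalise once so the containment checks below compare like with like.
        this.vaultDir = vaultDir.toRealPath();
    }

    private static String extractKey(String ref) {
        Matcher m = REF.matcher(ref);
        if (!m.matches()) {
            throw new IllegalArgumentException("not a vault reference: " + ref);
        }
        return m.group(1);
    }

    /**
     * Weak variant: the key is trusted and joined onto the vault directory.
     * A key such as "../../x" resolves outside the vault, and the Optional's
     * presence or absence discloses whether that file exists.
     */
    public Optional<String> resolveUnchecked(String ref) throws IOException {
        Path p = vaultDir.resolve(extractKey(ref));
        return Files.exists(p) ? Optional.of(Files.readString(p, StandardCharsets.UTF_8))
                               : Optional.empty();
    }

    /**
     * Confined variant: an invalid key is rejected before any filesystem call,
     * so no information about files outside the vault directory is produced.
     */
    public Optional<String> resolve(String ref) throws IOException {
        String key = extractKey(ref);
        if (!SAFE_KEY.matcher(key).matches()) {
            throw new IllegalArgumentException("vault key rejected: " + key);
        }
        // Defence in depth: even a key that passed the allow-list must stay in the vault.
        Path candidate = vaultDir.resolve(key).normalize();
        if (!candidate.startsWith(vaultDir) || candidate.equals(vaultDir)) {
            throw new IllegalArgumentException("vault key escapes the vault directory: " + key);
        }
        if (!Files.isRegularFile(candidate)) {
            return Optional.empty(); // a missing key inside the vault is a legitimate "not set"
        }
        // A symlink planted inside the vault directory must not point outside it either.
        if (!candidate.toRealPath().startsWith(vaultDir)) {
            throw new IllegalStateException("vault entry resolves outside the vault: " + key);
        }
        return Optional.of(Files.readString(candidate, StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample vault: a temporary directory holding one secret file.
        Path dir = Files.createTempDirectory("vault-demo");
        Files.writeString(dir.resolve("ldap_bind_password"), "constructed-sample-secret");
        FileVaultResolver vault = new FileVaultResolver(dir);

        System.out.println("valid key -> " + vault.resolve("${vault.ldap_bind_password}").isPresent());

        // Constructed traversal-style key: the confined resolver refuses it before touching disk.
        try {
            vault.resolve("${vault.../../some-file-outside-the-vault}");
        } catch (IllegalArgumentException e) {
            System.out.println("confined resolver: " + e.getMessage());
        }
        // The unchecked resolver would instead answer present/absent for that outside path.
        System.out.println("unchecked resolver answered: "
                + vault.resolveUnchecked("${vault.../../some-file-outside-the-vault}").isPresent());
    }
}
```

The allow-list is the primary control; the normalize/startsWith and toRealPath checks are there so that a future relaxation of the key syntax, or a symlink placed in the vault directory by another process, cannot silently reintroduce the traversal. Rejecting an invalid key with an exception rather than an empty Optional is deliberate: the key never reaches the filesystem, so the response carries no information about files outside the vault, while the administrator still gets a clear configuration error.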

Top Fix

Upgrade Version

Upgrade to version org.keycloak:keycloak-quarkus-server:26.0.6

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE
