Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-10492

Good to know:

icon
icon

Date: November 25, 2024

A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.

Language: Java

Severity Score

Related Resources (12)

https://nvd.nist.gov/vuln/detail/CVE-2024-10492
https://bugzilla.redhat.com/show_bug.cgi?id=2322447
https://github.com/keycloak/keycloak/security/advisories/GHSA-5545-r4hg-rj4m
https://access.redhat.com/errata/RHSA-2024:10175
https://github.com/keycloak/keycloak/commit/d60cb9aaefc4035d322862edd8f9f252af6da951
https://access.redhat.com/errata/RHSA-2024:10176
https://access.redhat.com/errata/RHSA-2024:10177
https://access.redhat.com/errata/RHSA-2024:10178
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/issues/35215
https://access.redhat.com/security/cve/CVE-2024-10492
https://www.mend.io/vulnerability-database/CVE-2024-10492

Severity Score

Weakness Type (CWE)

External Control of File Name or Path

CWE-73

Top Fix

icon

Upgrade Version

Upgrade to version org.keycloak:keycloak-quarkus-server:26.0.6;org.keycloak:keycloak-quarkus-server:26.0.6

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us