Home > Vulnerability Database > CVE-2024-10973

Mend.io Vulnerability Database

CVE-2024-10973

Good to know:

Date: December 17, 2024

A vulnerability was found in Keycloak. The environment option "KC_CACHE_EMBEDDED_MTLS_ENABLED" does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.

Language: Java

Severity Score

5.7

Related Resources (12)

Url: https://github.com/keycloak/keycloak/commit/071032a108bd9e9fce9e66d00c36d56bd4b334df

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2324361

Url: https://github.com/keycloak/keycloak/pull/28756

Url: https://github.com/keycloak/keycloak/pull/34668

Url: https://github.com/keycloak/keycloak/security/advisories/GHSA-g6qq-c9f9-2772

Url: https://access.redhat.com/security/cve/CVE-2024-10973

Url: https://github.com/keycloak/keycloak/commit/36defd5f33b2da5d705f179bbaa21c28b13a9996

Url: https://github.com/keycloak/keycloak/issues/28750

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-10973

Url: https://github.com/keycloak/keycloak/issues/34644

Url: https://github.com/keycloak/keycloak

Url: https://www.mend.io/vulnerability-database/CVE-2024-10973

Severity Score

5.7

Weakness Type (CWE)

Cleartext Transmission of Sensitive Information

CWE-319

Top Fix

Upgrade Version

Upgrade to version org.keycloak:keycloak-quarkus-server:26.0.6

Learn More

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-10973

Good to know:

Date: December 17, 2024

Language: Java

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?