5.7
CVE-2024-10973
- EPSS 0.02%
- Published 17.12.2024 23:15:05
- Last modified 17.12.2024 23:15:05
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/keycloak/keycloak
≫
Package
keycloak
Default Statusaffected
Version <
23.0
Version
22.0
Status
unaffected
Version <
25.0
Version
24.0
Status
unaffected
Version <
*
Version
26.0.6
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Build of Keycloak
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform Expansion Pack
Default Statusunaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.024 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 5.7 | 2.1 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.