CVE-2024-4540

EPSS 0.38%
Veröffentlicht 03.06.2024 16:15:08
Zuletzt bearbeitet 21.11.2024 09:43:04
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/keycloak/keycloak

≫

Paket keycloak

Version < *

Version d5e82356f90893ca3b308a7e10020103e402369a

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Build of Keycloak

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Build of Keycloak

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 22

Default Statusaffected

Version < *

Version 22.0.11-2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 22

Default Statusaffected

Version < *

Version 22-15

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 22

Default Statusaffected

Version < *

Version 22-18

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 24

Default Statusaffected

Version < *

Version 24.0.5-2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 24

Default Statusaffected

Version < *

Version 24-10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 24

Default Statusaffected

Version < *

Version 24-10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7.6 for RHEL 7

Default Statusaffected

Version < *

Version 0:18.0.14-1.redhat_00001.1.el7sso

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7.6 for RHEL 8

Default Statusaffected

Version < *

Version 0:18.0.14-1.redhat_00001.1.el8sso

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7.6 for RHEL 9

Default Statusaffected

Version < *

Version 0:18.0.14-1.redhat_00001.1.el9sso

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.6-49

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.586

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://access.redhat.com/errata/RHSA-2024:3566

https://access.redhat.com/errata/RHSA-2024:3567

https://access.redhat.com/errata/RHSA-2024:3568

https://access.redhat.com/errata/RHSA-2024:3570

https://access.redhat.com/errata/RHSA-2024:3572

https://access.redhat.com/errata/RHSA-2024:3573

https://access.redhat.com/errata/RHSA-2024:3574

https://access.redhat.com/errata/RHSA-2024:3575

https://access.redhat.com/errata/RHSA-2024:3576

https://access.redhat.com/security/cve/CVE-2024-4540

https://bugzilla.redhat.com/show_bug.cgi?id=2279303

https://nvd.nist.gov/vuln/detail/CVE-2024-4540

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-4540

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-4540

EUVD