A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism.
History
Fri, 22 Nov 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism. | |
Title | keycloak-core: mTLS passthrough | |
First Time appeared | Redhat, Redhat build Keycloak | |
Weaknesses | CWE-295 | |
CPEs | cpe:/a:redhat:build_keycloak:24 cpe:/a:redhat:build_keycloak:24::el9 cpe:/a:redhat:build_keycloak:26 cpe:/a:redhat:build_keycloak:26.0::el9 | |
Vendors & Products | Redhat, Redhat build Keycloak | |
References | | |
Metrics | threat_severity | cvssV3_1 |