A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
Metrics
Affected Vendors & Products
References
History
Mon, 23 Dec 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 23 Dec 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:red_hat_single_sign_on:7.6 |
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 10 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:build_keycloak:22 | |
References |
|
Thu, 10 Oct 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Wed, 09 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 09 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. | |
Title | Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities | |
First Time appeared |
Redhat
Redhat build Keycloak Redhat jboss Enterprise Application Platform Redhat red Hat Single Sign On |
|
Weaknesses | CWE-200 | |
CPEs | cpe:/a:redhat:build_keycloak: cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:red_hat_single_sign_on:7 |
|
Vendors & Products |
Redhat
Redhat build Keycloak Redhat jboss Enterprise Application Platform Redhat red Hat Single Sign On |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-10-09T18:59:11.101Z
Updated: 2024-12-23T13:18:09.356Z
Reserved: 2024-04-11T13:57:15.173Z
Link: CVE-2024-3656
Vulnrichment
Updated: 2024-11-14T16:58:52.300Z
NVD
Status : Awaiting Analysis
Published: 2024-10-09T19:15:13.547
Modified: 2024-12-23T14:15:05.553
Link: CVE-2024-3656
Redhat