CVE-2024-1722

🗓️ 27 Feb 2024 17:39:13Reported by redhatType

A flaw in Keycloak allowing remote unauthenticated attacker to block login

Reporter	Title	Published	Views	Family All 16
Circl	CVE-2024-1722	21 Feb 202422:11	–	circl
CNNVD	Red Hat Keycloak Security Vulnerability	21 Feb 202400:00	–	cnnvd
Cvelist	CVE-2024-1722 Keycloak-core: dos via account lockout	27 Feb 202417:39	–	cvelist
EUVD	EUVD-2024-2026	3 Oct 202520:07	–	euvd
Github Security Blog	Duplicate Advisory: Keycloak DoS via account lockout	29 Feb 202403:33	–	github
Github Security Blog	Keycloak Denial of Service via account lockout	12 Jun 202419:42	–	github
NVD	CVE-2024-1722	29 Feb 202401:43	–	nvd
OSV	CVE-2024-1722	29 Feb 202401:43	–	osv
OSV	GHSA-3HRR-XWVG-HXVR Duplicate Advisory: Keycloak DoS via account lockout	29 Feb 202403:33	–	osv
OSV	GHSA-CQ42-VHV7-XR7P Keycloak Denial of Service via account lockout	12 Jun 202419:42	–	osv

NVD

Node

redhat keycloakMatch23.0.5

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "4.15.0"
      }
    ],
    "packageName": "keycloak-core",
    "collectionURL": "https://bitbucket.org/b_c/jose4j/src/master/",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Build of Keycloak",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "keycloak-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:build_keycloak:"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rh-sso7-keycloak",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2024-1722

21 Nov 2025 06:27Current

3.9Low risk

Vulners AI Score3.9

CVSS 3.13.7 - 5.3

EPSS0.00199

SSVC

CWE-645