Lucene search

K

[email protected]NVD:CVE-2024-4540

HistoryJun 03, 2024 - 4:15 p.m.

CVE-2024-4540

2024-06-0316:15:08

CWE-200

[email protected]

web.nvd.nist.gov

1

keycloak

oauth 2.0

plaintext exposure

vulnerability

information disclosure

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server’s HTTP response to a request_uri authorization request, possibly leading to an information disclosure vulnerability.

References

access.redhat.com/errata/RHSA-2024:3566

access.redhat.com/errata/RHSA-2024:3567

access.redhat.com/errata/RHSA-2024:3568

access.redhat.com/errata/RHSA-2024:3570

access.redhat.com/errata/RHSA-2024:3572

access.redhat.com/errata/RHSA-2024:3573

access.redhat.com/errata/RHSA-2024:3574

access.redhat.com/errata/RHSA-2024:3575

access.redhat.com/errata/RHSA-2024:3576

access.redhat.com/security/cve/CVE-2024-4540

bugzilla.redhat.com/show_bug.cgi?id=2279303

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

Related for NVD:CVE-2024-4540

nessus3 cve1 veracode1 redhat9 cvelist1 redhatcve1 vulnrichment1