Lucene search
+L

5 matches found

NVD
NVD
added 2025/01/14 9:15 a.m.17 views

CVE-2024-11734

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a reque...

6.5CVSS0.00943EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/14 8:35 a.m.11 views

CVE-2024-11734 Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a reque...

6.5CVSS6.5AI score0.00943EPSS
Exploits0References4
CVE
CVE
added 2025/01/14 8:35 a.m.116 views

CVE-2024-11734

CVE-2024-11734 describes a denial-of-service in Keycloak where an admin changing realm security headers could inject newlines, causing the server to write to a terminated request and fail it. The issue affects Keycloak releases prior to 26.0.8 (per Nessus/NVD references) and is related to DoS via...

6.5CVSS6.5AI score0.00943EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/01/13 4:58 p.m.7 views

de.arbeitsagentur.opdt:keycloak-cassandra-model-tests (>=2.5.6-24.0 <=5.0.1-26.0), io.kokuwa.keycloak:keycloak-event-metrics (>=0.1.0 <=1.0.0) +8 more potentially affected by CVE-2024-11734 via org.keycloak:keycloak-quarkus-server (>=12.0.0 <=26.0.7)

org.keycloak:keycloak-quarkus-server MAVEN version =12.0.0, =2.5.6-24.0, =0.1.0, =15.1.0, =15.1.0, =21.1.0, =26.0.0, =15.1.0, =12.0.0, =12.0.0, =26.0.0, =26.0.7 Source cves: CVE-2024-11734 Source advisory: OSV:GHSA-W3G8-R9GW-QRH8...

6.5CVSS6AI score0.00943EPSS
Exploits0
FreeBSD
FreeBSD
added 2025/01/13 12:0 a.m.14 views

keycloak -- Multiple security fixes

Keycloak reports: This update includes 2 security fixes: CVE-2024-11734: Unrestricted admin use of system and environment variables CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers...

6.5CVSS7AI score0.00943EPSS
Exploits0
Rows per page
Query Builder