5 matches found
CVE-2024-11734
A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a reque...
CVE-2024-11734 Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers
A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a reque...
CVE-2024-11734
CVE-2024-11734 describes a denial-of-service in Keycloak where an admin changing realm security headers could inject newlines, causing the server to write to a terminated request and fail it. The issue affects Keycloak releases prior to 26.0.8 (per Nessus/NVD references) and is related to DoS via...
de.arbeitsagentur.opdt:keycloak-cassandra-model-tests (>=2.5.6-24.0 <=5.0.1-26.0), io.kokuwa.keycloak:keycloak-event-metrics (>=0.1.0 <=1.0.0) +8 more potentially affected by CVE-2024-11734 via org.keycloak:keycloak-quarkus-server (>=12.0.0 <=26.0.7)
org.keycloak:keycloak-quarkus-server MAVEN version =12.0.0, =2.5.6-24.0, =0.1.0, =15.1.0, =15.1.0, =21.1.0, =26.0.0, =15.1.0, =12.0.0, =12.0.0, =26.0.0, =26.0.7 Source cves: CVE-2024-11734 Source advisory: OSV:GHSA-W3G8-R9GW-QRH8...
keycloak -- Multiple security fixes
Keycloak reports: This update includes 2 security fixes: CVE-2024-11734: Unrestricted admin use of system and environment variables CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers...