3 matches found
CVE-2024-3656 Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...
CVE-2024-3656
The issue CVE-2024-3656 affects Keycloak prior to 24.0.5, where several admin REST API endpoints allow low-privilege users to perform administrator actions. The root cause is broken access control enabling authenticated non-admin users to access functionalities intended for admins, potentially le...
Keycloak < 24.0.5 Unauthorized Access (CVE-2024-3656)
In Keycloak prior to 24.0.5, users with low privileges just plain users in the realm are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators,...