Multiple vulnerabilities in Keycloak



Risk High
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2024-10039
CVE-2024-9666
CVE-2024-10492
CVE-2024-10270
CVE-2024-10451
CWE-ID CWE-287
CWE-20
CWE-73
CWE-185
CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
Keycloak
Server applications / Directory software, identity management

Vendor Keycloak

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU100910

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-10039

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the authentication process in the Keycloak deployments with a reverse proxy not using pass-through termination of TLS and with enabled mTLS. A remote attacker can authenticate as any user or client that leverages mTLS as the authentication mechanism.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Keycloak: 20.0.0 - 26.0.5

CPE2.3 External links

http://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
http://bugzilla.redhat.com/show_bug.cgi?id=2319217


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU100909

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-9666

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of HTTP proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Keycloak: 20.0.0 - 26.0.5

CPE2.3
External links

http://bugzilla.redhat.com/show_bug.cgi?id=2317440
http://github.com/keycloak/keycloak/security/advisories/GHSA-jgwc-jh89-rpgq


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) External Control of File Name or Path

EUVDB-ID: #VU100908

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-10492

CWE-ID: CWE-73 - External Control of File Name or Path

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to application allows to read files onside of its scope. A remote privileged user can read sensitive information from a Vault file that is not within the expected context.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Keycloak: 20.0.0 - 26.0.5

CPE2.3
External links

http://bugzilla.redhat.com/show_bug.cgi?id=2322447
http://github.com/keycloak/keycloak/security/advisories/GHSA-5545-r4hg-rj4m


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Incorrect Regular Expression

EUVDB-ID: #VU100907

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-10270

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions in SearchQueryUtils method. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Keycloak: 20.0.0 - 26.0.5

CPE2.3
External links

http://bugzilla.redhat.com/show_bug.cgi?id=2321214
http://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU100906

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-10451

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to application includes values of environment variables during its build process. These values are stored as default values and are accessible during application's runtime. A remote attacker can gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Keycloak: 20.0.0 - 26.0.5

CPE2.3
External links

http://bugzilla.redhat.com/show_bug.cgi?id=2322096
http://github.com/keycloak/keycloak/security/advisories/GHSA-v7gv-xpgf-6395


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###