Keycloak Vulnerability Exposes Sensitive Information via Unsecured JGroups Configuration
CVE-2024-10973

5.7MEDIUM

Key Information:

Status
Red Hat Build Of Keycloak
Red Hat Jboss Enterprise Application Platform 8
Red Hat Jboss Enterprise Application Platform Expansion Pack
Vendor
CVE Published:
17 December 2024

What is CVE-2024-10973?

CVE-2024-10973 identifies a significant vulnerability in Keycloak where the configuration option KC_CACHE_EMBEDDED_MTLS_ENABLED does not function as intended, resulting in the JGroups replication configuration being exposed in plain text. This security oversight enables attackers on adjacent networks linked to JGroups to potentially intercept sensitive information. As organizations increasingly rely on secure communication protocols, this vulnerability highlights the critical need for proper configuration to prevent data breaches and ensure the integrity of sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2024-10973
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2324361
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.