Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie
CVE-2024-4540
7.5HIGH
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Build Of Keycloak
- Red Hat Build Of Keycloak 22
- Red Hat Build Of Keycloak 24
- Red Hat Single Sign-on 7
- Vendor
- CVE Published:
- 3 June 2024
Summary
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.
Affected Version(s)
Red Hat build of Keycloak 22 <= 22.0.11-2
Red Hat build of Keycloak 22 <= 22-15
Red Hat build of Keycloak 22 <= 22-18
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 7.5 - (HIGH)
Vulnerability published.
Reported to Red Hat.
Collectors
NVD DatabaseMitre Database
Credit
Red Hat would like to thank Manuel Schallar for reporting this issue.