Keycloak Privilege Escalation via Vault File Access
CVE-2024-10492 Published on November 25, 2024

Keycloak-quarkus-server: keycloak path trasversal
A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.

Github Repository Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Timeline

Reported to Red Hat.

Made public. 23 days later.

Weakness Type

External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.


Products Associated with CVE-2024-10492

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Keycloak
 
Red Hat Build Keycloak
 
Red Hat Jboss Enterprise Application Platform
 
Red Hat Jbosseapxp
 
Red Hat Single Sign On
 

Vulnerable Packages

The following package name and versions may be associated with CVE-2024-10492

Package Manager Vulnerable Package Versions Fixed In
maven org.keycloak:keycloak-quarkus-server < 24.0.9 26.0.6
maven org.keycloak:keycloak-quarkus-server >= 25.0.0, < 26.0.6 26.0.6

Exploit Probability

EPSS
0.08%
Percentile
23.32%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.