Keycloak Admin XSS via Malicious Permission Payload: CVE-2024-4028 February 2025

Keycloak-core: stored xss in keycloak when creating a items in admin console
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.

Vulnerability Analysis

CVE-2024-4028 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Timeline

2024-04-22

Reported to Red Hat.

2025-02-18

Made public. 302 days later.

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2024-4028

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Keycloak

Red Hat Build Keycloak

Red Hat Single Sign On

Exploit Probability

EPSS

0.19%

Percentile

40.49%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.