PT-2024-4295 · Red Hat · Keycloak

Maurizio Agazzini · Published 2024-06-11 · Updated 2024-12-23 · CVE-2024-3656

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 24.0.5
Description: A flaw was found in Keycloak, where certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionality. This is a significant security risk: it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. The vulnerability is actively exploited in the wild. ZoomEye returns over 39,000 results, and over 763,000 services are observed on the affected platform yearly.
Recommendations: For versions prior to 24.0.5, upgrade to version 24.0.5 or newer to secure your systems. As a temporary workaround, restrict access to the administrative REST API endpoints until the fix can be applied. Avoid using the administrative functionality in the Keycloak admin interface with low-privilege users until the issue is resolved.
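Two checks that support the recommendations above, as an added example that is not part of the advisory or of Keycloak itself: a version test against the 24.0.5 fix boundary, and a fail-closed gate a reverse proxy could apply to admin-API requests while the upgrade is pending. It assumes the default Keycloak routing, where the admin console and admin REST API live under the /admin/ path prefix, and the allowlisted networks are a hypothetical deployment detail.

```python
"""Added example (not the advisory's or Keycloak's own code) for CVE-2024-3656.
Assumptions: Keycloak's admin console and admin REST API sit under /admin/
(default routing, no custom relative path); allowlisted networks are hypothetical."""
import ipaddress

FIXED_VERSION = (24, 0, 5)  # first fixed release named in the advisory


def parse_version(version: str) -> tuple:
    """Turn '24.0.4' or '24.0.5-SNAPSHOT' into a comparable (major, minor, patch) tuple."""
    core = version.strip().split("-")[0].split("+")[0]  # drop pre-release/build suffixes
    parts = []
    for piece in core.split("."):
        if not piece.isdigit():
            raise ValueError(f"unrecognised version string: {version!r}")
        parts.append(int(piece))
    while len(parts) < 3:  # '24.0' is treated as 24.0.0
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when the running Keycloak is older than 24.0.5."""
    return parse_version(version) < FIXED_VERSION


def is_admin_api_path(path: str) -> bool:
    """Match the admin console and admin REST API prefix on the canonical path.
    The caller must pass the proxy's already-normalised path (no '//', no '/Admin')."""
    normalized = path.split("?", 1)[0]
    return normalized == "/admin" or normalized.startswith("/admin/")


def should_block(path: str, client_ip: str, allowed_nets) -> bool:
    """Temporary workaround: deny admin-API requests unless the client is in an
    allowlisted network. Non-admin paths (token, account, login) are untouched."""
    if not is_admin_api_path(path):
        return False
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return True  # unparsable source address: fail closed
    return not any(ip in ipaddress.ip_network(net) for net in allowed_nets)
```

The gate only reduces exposure of the admin REST API to outside networks; low-privilege users on an allowlisted network can still reach it, so the upgrade remains the actual fix.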

Exploit

Fix

Weakness Enumeration

Information Disclosure

Improper Access Control

Improper Privilege Management

Related Identifiers

BDU:2024-04782
CVE-2024-3656
GHSA-2CWW-FGMG-4JQC

Affected Products

Keycloak