PT-2024-9010 · Red Hat · Keycloak

Published: 2024-10-16 · Updated: 2024-11-26 · CVE-2024-10039
CVSS v3.1: 7.1 (High)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)
Description: The vulnerability is improper validation of the client certificate used for mTLS authentication in Keycloak, an identity and access management server. It affects deployments in which Keycloak sits behind a reverse proxy that terminates TLS itself, rather than passing the TLS connection through to Keycloak, and in which mTLS is enabled: in that topology the client certificate Keycloak authenticates against is data forwarded by the proxy, not the result of a TLS handshake that Keycloak performed. An attacker on the local network can exploit this to bypass the certificate check and authenticate as any user or client that uses mTLS as its authentication mechanism, gaining unauthorized access to protected information.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Because only deployments where the proxy terminates TLS are affected, configuring the proxy for TLS pass-through (so that Keycloak performs the mTLS handshake and certificate validation itself) removes the affected configuration; where TLS must be terminated at the proxy, make sure Keycloak is reachable only from that proxy and not directly from other hosts on the local network.
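The failure mode described above, as an added example in Go that is not Keycloak's code and does not reproduce Keycloak's implementation: a backend behind a TLS-terminating proxy receives the client certificate as a forwarded PEM header. A lookup that trusts the forwarded subject without validating the chain accepts a self-signed certificate forged with the victim's name; a lookup that re-validates the chain against the backend's own trust anchors, and accepts the header only from the proxy's address, rejects both the forgery and a certificate injected by a host that reaches the backend directly. The header format, the proxy and attacker addresses (10.0.0.2, 10.0.0.99), the certificate names and the helper functions are all constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue returns a certificate for cn and its key; a nil parent makes it self-signed.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed: all a forger needs if nobody checks the chain
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// toHeader is the PEM a TLS-terminating proxy forwards (real proxies escape or fold it onto one line).
func toHeader(c *x509.Certificate) string {
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw}))
}

func fromHeader(v string) (*x509.Certificate, error) {
	block, _ := pem.Decode([]byte(v))
	if block == nil {
		return nil, errors.New("header does not carry a PEM certificate")
	}
	return x509.ParseCertificate(block.Bytes)
}

// lookupVerified takes the header only from a trusted proxy address and re-validates the chain itself.
func lookupVerified(remoteIP, header string, proxies map[string]bool, roots *x509.CertPool) (string, error) {
	if !proxies[remoteIP] {
		return "", errors.New("client certificate header from a non-proxy source")
	}
	cert, err := fromHeader(header)
	if err != nil {
		return "", err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", fmt.Errorf("forwarded certificate failed chain validation: %w", err)
	}
	return cert.Subject.CommonName, nil
}

// runScenario pits a CA-issued "alice" against a forged self-signed "alice"; addresses are constructed.
func runScenario() map[string]bool {
	ca, caKey := issue("mTLS Client CA", true, nil, nil)
	genuine, _ := issue("alice", false, ca, caKey)
	forged, _ := issue("alice", false, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	proxies := map[string]bool{"10.0.0.2": true}
	r := map[string]bool{}
	// Affected pattern: decode the forwarded certificate and trust its subject as-is,
	// assuming the proxy already validated it. The forgery authenticates as alice.
	if c, err := fromHeader(toHeader(forged)); err == nil {
		r["unverified accepts forged"] = c.Subject.CommonName == "alice"
	}
	cn, err := lookupVerified("10.0.0.2", toHeader(genuine), proxies, roots)
	r["verified accepts genuine via proxy"] = err == nil && cn == "alice"
	_, err = lookupVerified("10.0.0.2", toHeader(forged), proxies, roots)
	r["verified rejects forged"] = err != nil
	_, err = lookupVerified("10.0.0.99", toHeader(genuine), proxies, roots)
	r["verified rejects direct injection"] = err != nil
	return r
}

func main() {
	fmt.Println(runScenario())
}
```

The direct-injection case is why the source check matters on its own: with header-based lookup, the proxy's TLS handshake is the only thing that proves possession of the private key, so any host that can reach the backend without going through the proxy can inject the public PEM of a perfectly valid certificate, and chain validation alone will accept it. Run with `go run`, or call runScenario() from a test; every entry in the returned map should be true.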

Weakness Enumeration

Improper Authentication

Improper Certificate Validation

Related Identifiers

BDU:2024-10692
CVE-2024-10039
GHSA-93WW-43RR-79V3

Affected Products

Keycloak