CVE-2024-10492

CVSS v4.0

5.1

Medium

Vector

AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified) Red Hat products (affected versions not specified)

Description: A vulnerability was found in Keycloak, allowing a user with high privileges to read sensitive information from a Vault file that is not within the expected context. This requires previous high access to the Keycloak server to perform resource creation. The issue is related to incorrect external management of file names or paths due to incorrect regular expression checking.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-73CWE-200

Related Identifiers

ALT-PU-2025-13422

ALT-PU-2025-2871

BDU:2024-10695

BDU:2025-02196

CVE-2024-10492

GHSA-5545-R4HG-RJ4M

GHSA-6VRW-MPJ8-3J59

Affected Products

Alt Linux

Keycloak

CVE-2024-10492

Weakness Enumeration

Related Identifiers

Affected Products

References · 39