CVE-2024-10492

NONE EPSS 49.3%

Published Nov 25, 20241y ago · Modified Jun 17, 20261w ago

Published Nov 25, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.

Threat Intelligence

EPSS Exploit Probability

49.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-73

References 8

access.redhat.com https://access.redhat.com/errata/RHSA-2024:10175
access.redhat.com https://access.redhat.com/errata/RHSA-2024:10176
access.redhat.com https://access.redhat.com/errata/RHSA-2024:10177
access.redhat.com https://access.redhat.com/errata/RHSA-2024:10178
access.redhat.com https://access.redhat.com/security/cve/CVE-2024-10492
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2322447
github.com https://github.com/keycloak/keycloak/issues/35215
github.com https://github.com/keycloak/keycloak/pull/35223

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.