CVE-2024-10451

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Nov 25, 2024
CWE ID 798

Summary

CVE-2024-10451 is a vulnerability affecting Keycloak. This issue arises because sensitive runtime values, including passwords, are inadvertently captured during the Keycloak build process and embedded as default values in bytecode. In Keycloak 26, environment variables containing sensitive data are also stored as default values, posing a risk during runtime. Moreover, unconditional expansion by the PropertyMapper logic in all Keycloak versions up to 26.0.2 causes indirect usage of environment variables for SPI options and Quarkus properties to capture sensitive data as default values.
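A post-build check a defender can run against the issue described above: given the values that were present in the build environment (database password, SPI secrets), scan the build output for any artifact that now carries one of them verbatim. This is an added example, not Keycloak's or Recorded Future's code; the artifact name `generated-bytecode.jar`, the class names and the secret values are constructed for the demo, and the scan assumes a secret leaked as a default is stored as a plain UTF-8 string constant.

```python
import os
import tempfile
import zipfile
from typing import Dict, Iterable, List


def _leaked_values(blob: bytes, values: Iterable[str]) -> List[str]:
    """Return the values that appear verbatim (UTF-8 encoded) inside blob."""
    return [v for v in values if v and v.encode("utf-8") in blob]


def scan_artifact(path: str, values: Iterable[str]) -> Dict[str, List[str]]:
    """Map each leaked value to the jar entries (or the bare file) containing it."""
    hits: Dict[str, List[str]] = {}
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                for v in _leaked_values(zf.read(info), values):
                    hits.setdefault(v, []).append(f"{path}!{info.filename}")
    else:
        with open(path, "rb") as fh:
            for v in _leaked_values(fh.read(), values):
                hits.setdefault(v, []).append(path)
    return hits


def scan_build_output(root: str, values: Iterable[str]) -> Dict[str, List[str]]:
    """Walk a build tree and report every build-time value embedded in jars, classes or properties."""
    values = list(values)
    hits: Dict[str, List[str]] = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.endswith((".jar", ".class", ".properties")):
                for v, locs in scan_artifact(os.path.join(dirpath, name), values).items():
                    hits.setdefault(v, []).extend(locs)
    return hits


def demo() -> Dict[str, List[str]]:
    """Constructed sample: a jar whose class bytes hold a leaked default (CONSTANT_Utf8 tag 0x01, length 14)."""
    root = tempfile.mkdtemp()
    jar = os.path.join(root, "generated-bytecode.jar")  # assumed artifact name for the demo
    magic = b"\xca\xfe\xba\xbe"
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("io/example/Defaults.class", magic + b"\x00" * 8 + b"\x01\x00\x0es3cr3t-db-pass" + b"\x00" * 4)
        zf.writestr("io/example/Clean.class", magic + b"\x00" * 16)
    # The second value was set at build time but never captured, so it must not be reported.
    return scan_build_output(root, ["s3cr3t-db-pass", "unused-build-secret"])
```

Run the same scan over a real build tree with the actual secret values from the build environment; an empty result is the expected outcome on a patched build.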
