CVE-2024-10451
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Summary
CVE-2024-10451 is a vulnerability affecting Keycloak. The issue arises because sensitive runtime values, including passwords, are inadvertently captured during the Keycloak build process and embedded as default values in the generated bytecode. In Keycloak 26, environment variables containing sensitive data are also stored as default values, posing a risk at runtime. Moreover, unconditional expansion by the PropertyMapper logic in all Keycloak versions up to 26.0.2 causes the indirect use of environment variables for SPI options and Quarkus properties to capture sensitive data as default values.