CVE-2024-10973

Published: Dec 17, 2024Modified: Dec 17, 2024

5.7

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.1 / Impact: 3.6

Source: secalert@redhat.com (Secondary)

Description

A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://access.redhat.com/security/cve/CVE-2024-10973

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2324361

Source: secalert@redhat.com

Timeline

No history available yet.