Description

A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.

INFO

Published Date :

2024-11-25T07:37:30.572Z

Last Modified :

2025-11-11T16:26:14.590Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-10492 vulnerability.

Vendors Products
Redhat
  • Build Keycloak
  • Jboss Enterprise Application Platform
  • Jbosseapxp
  • Red Hat Single Sign On
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-10492.

URL Resource
https://access.redhat.com/errata/RHSA-2024:10175 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:10176 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:10177 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:10178 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-10492 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2322447 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-10492 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-10492 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact