cve/2024/CVE-2024-5967.md

### [CVE-2024-5967](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5967)
![](https://img.shields.io/static/v1?label=Product&message=RHEL-8%20based%20Middleware%20Containers&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%209&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Default%20Permissions&color=brighgreen)

### Description

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL  independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase