cve/2024/CVE-2024-4540.md

### [CVE-2024-4540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4540)
![](https://img.shields.io/static/v1?label=Product&message=RHEL-8%20based%20Middleware%20Containers&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%209&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2024&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=null&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brightgreen)

### Description

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`### [CVE-2024-4540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4540)`
			`![](https://img.shields.io/static/v1?label=Product&message=RHEL-8%20based%20Middleware%20Containers&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%208&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%209&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2024&color=blue)`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`![](https://img.shields.io/static/v1?label=Product&message=null&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brightgreen)`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00
			`### Description`

			A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase`