{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-3656", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Red Hat", "product": { "product_data": [ { "product_name": "Red Hat Build of Keycloak", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "Red Hat JBoss Enterprise Application Platform 8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat Single Sign-On 7", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://access.redhat.com/errata/RHSA-2024:3575", "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:3575" }, { "url": "https://access.redhat.com/security/cve/CVE-2024-3656", "refsource": "MISC", "name": "https://access.redhat.com/security/cve/CVE-2024-3656" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274403", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2274403" }, { "url": "https://github.com/advisories/GHSA-2cww-fgmg-4jqc", "refsource": "MISC", "name": "https://github.com/advisories/GHSA-2cww-fgmg-4jqc" } ] }, "work_around": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Maurizio Agazzini for reporting this issue. Upstream acknowledges the Keycloak project as the original reporter." } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } ] } }