mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
347 lines
17 KiB
JSON
347 lines
17 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-4540",
|
|
"ASSIGNER": "secalert@redhat.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
"cweId": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Red Hat",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Red Hat Build of Keycloak",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "unaffected"
|
|
}
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "unaffected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Red Hat build of Keycloak 22",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "22.0.11-2",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "22-15",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "22-18",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Red Hat build of Keycloak 24",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "24.0.5-2",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "24-10",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "24-10",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Red Hat Single Sign-On 7",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "unaffected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 7",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "0:18.0.14-1.redhat_00001.1.el7sso",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 8",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "0:18.0.14-1.redhat_00001.1.el8sso",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 9",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "0:18.0.14-1.redhat_00001.1.el9sso",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "RHEL-8 based Middleware Containers",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "7.6-49",
|
|
"lessThan": "*",
|
|
"versionType": "rpm",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:3566",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:3566"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:3567",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:3567"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:3568",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:3568"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:3570",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:3570"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:3572",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:3572"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:3573",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:3573"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:3574",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:3574"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:3575",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:3575"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/errata/RHSA-2024:3576",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/errata/RHSA-2024:3576"
|
|
},
|
|
{
|
|
"url": "https://access.redhat.com/security/cve/CVE-2024-4540",
|
|
"refsource": "MISC",
|
|
"name": "https://access.redhat.com/security/cve/CVE-2024-4540"
|
|
},
|
|
{
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303",
|
|
"refsource": "MISC",
|
|
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303"
|
|
}
|
|
]
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Red Hat would like to thank Manuel Schallar for reporting this issue."
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |