Vulnerability Description
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API do not enforce the authorization checks the rest of the admin API applies, so authenticated low-privilege users can reach administrative functionality. A user holding only an ordinary account token can therefore perform actions reserved for administrators, potentially leading to data breaches or compromise of the Keycloak deployment.
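The practical check a deployment owner wants after reading this is whether a low-privilege account can still reach admin REST endpoints. The script below is an added example written for this page, not code from Keycloak, Red Hat or the HN Security advisory. It assumes a Quarkus-based Keycloak (token endpoint at /realms/{realm}/protocol/openid-connect/token, no /auth prefix), a client that permits the resource-owner password grant for a throwaway low-privilege test user, and an illustrative list of admin paths; the page does not name which endpoints were affected, so adjust ADMIN_ENDPOINTS to the ones you care about. Only 401/403 are treated as a correct denial; a 2xx means the token reached an admin function, and 404/5xx are reported separately rather than silently counted as safe.

```python
"""Probe whether a low-privilege Keycloak user can reach admin REST endpoints.

Added example for CVE-2024-3656; not code from Keycloak or from the advisory.
Assumptions (not stated on the page): Keycloak base URL without /auth prefix,
a client allowing the password grant, and an illustrative endpoint list.
"""
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

# Illustrative admin REST paths (assumed, not the page's list); {realm} is filled in.
ADMIN_ENDPOINTS = [
    "/admin/realms",
    "/admin/realms/{realm}",
    "/admin/realms/{realm}/users",
    "/admin/realms/{realm}/clients",
    "/admin/realms/{realm}/roles",
]

DENIED = {401, 403}  # the only statuses that count as a correct authorization denial


def get_token(base_url, realm, client_id, username, password):
    """Resource-owner password grant for the low-privilege test user."""
    url = f"{base_url}/realms/{realm}/protocol/openid-connect/token"
    body = urllib.parse.urlencode({
        "grant_type": "password", "client_id": client_id,
        "username": username, "password": password,
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def http_status(url, token):
    """GET url with a bearer token; return the HTTP status, error responses included."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def probe_admin_endpoints(base_url, realm, token, endpoints=ADMIN_ENDPOINTS, fetch=http_status):
    """Return {path: status} for each admin endpoint, called with the given token."""
    results = {}
    for template in endpoints:
        path = template.format(realm=realm)
        results[path] = fetch(base_url + path, token)
    return results


def classify(statuses):
    """Split probe results into denied / reachable / unclear (404, 5xx, redirects)."""
    report = {"denied": [], "reachable": [], "unclear": []}
    for path, status in sorted(statuses.items()):
        if status in DENIED:
            report["denied"].append(path)
        elif 200 <= status < 300:
            report["reachable"].append(path)  # low-privilege token reached an admin function
        else:
            report["unclear"].append(path)
    return report


# Constructed sample for offline runs: what an unpatched server might answer to a
# low-privilege token. Illustrative values, not captured from a real Keycloak.
SIMULATED_UNPATCHED = {
    "/admin/realms": 403,
    "/admin/realms/demo": 403,
    "/admin/realms/demo/users": 200,
    "/admin/realms/demo/clients": 200,
    "/admin/realms/demo/roles": 403,
}


def simulated_fetch(url, token):
    """Offline stand-in for http_status that answers from SIMULATED_UNPATCHED."""
    return SIMULATED_UNPATCHED[urllib.parse.urlparse(url).path]


if __name__ == "__main__":
    if len(sys.argv) == 6:
        base, realm, client, user, pw = sys.argv[1:]
        statuses = probe_admin_endpoints(base, realm, get_token(base, realm, client, user, pw))
    else:  # no arguments: run against the constructed sample
        statuses = probe_admin_endpoints("https://sso.example", "demo", "dummy", fetch=simulated_fetch)
    report = classify(statuses)
    print(json.dumps(report, indent=2))
    sys.exit(1 if report["reachable"] else 0)
```

Run it as `python probe.py https://sso.example demo <client-id> <test-user> <password>` against a staging instance; a non-zero exit means at least one admin path answered 2xx to a non-admin token. Run it before and after applying the vendor fix so the "reachable" list going empty is the evidence that the patch took effect on your endpoints, not just on the ones the example lists.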
CVSS Score
8.1 (HIGH)
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2024:3572
- https://access.redhat.com/errata/RHSA-2024:3575
- https://access.redhat.com/security/cve/CVE-2024-3656
- https://bugzilla.redhat.com/show_bug.cgi?id=2274403
- https://github.com/advisories/GHSA-2cww-fgmg-4jqc
- https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md
- https://news.ycombinator.com/item?id=42136000
- https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-sys
FAQ
What is CVE-2024-3656?
CVE-2024-3656 is a vulnerability with a CVSS score of 8.1 (HIGH). A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for ...
How severe is CVE-2024-3656?
CVE-2024-3656 has been rated HIGH with a CVSS base score of 8.1/10. This page lists only the base score; the full CVSS vector is published on the Red Hat CVE page linked in the references.
Is there a patch for CVE-2024-3656?
Yes. The Red Hat errata RHSA-2024:3572 and RHSA-2024:3575 listed in the references above ship fixed builds, and the GitHub advisory GHSA-2cww-fgmg-4jqc tracks the fixed upstream Keycloak versions. Review those vendor bulletins for the exact versions and remediation guidance.