CVE-2024-4540

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:3566
https://access.redhat.com/errata/RHSA-2024:3567
https://access.redhat.com/errata/RHSA-2024:3568
https://access.redhat.com/errata/RHSA-2024:3570
https://access.redhat.com/errata/RHSA-2024:3572
https://access.redhat.com/errata/RHSA-2024:3573
https://access.redhat.com/errata/RHSA-2024:3574
https://access.redhat.com/errata/RHSA-2024:3575
https://access.redhat.com/errata/RHSA-2024:3576
https://access.redhat.com/security/cve/CVE-2024-4540
https://bugzilla.redhat.com/show_bug.cgi?id=2279303

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-03 16:15

Updated : 2024-06-03 23:15

NVD link : CVE-2024-4540

Mitre link : CVE-2024-4540

CVE.ORG link : CVE-2024-4540

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-4540", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-06-03T16:15:08.993", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3566", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3567", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3568", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3570", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3572", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3573", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3574", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3575", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3576", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-4540", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Keycloak en las solicitudes de autorizaci\u00f3n push (PAR) de OAuth 2.0. Se descubri\u00f3 que los par\u00e1metros proporcionados por el cliente estaban incluidos en texto plano en la cookie KC_RESTART devuelta por la respuesta HTTP del servidor de autorizaci\u00f3n a una solicitud de autorizaci\u00f3n `request_uri`, lo que posiblemente conduzca a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2024-06-03T23:15:08.930", "sourceIdentifier": "secalert@redhat.com"}