
CGA-4qmx-6685-qc88


https://images.chainguard.dev/security/CGA-4qmx-6685-qc88
Package: keycloak-fips
Latest Update: Fixed
Fixed Version: 25.0.0-r0

Aliases
  • CVE-2024-3656
  • GHSA-2cww-fgmg-4jqc

Severity: 8.1 (High), CVSS v3

Summary

Keycloak's admin API allows low privilege users to use administrative functions

Description

Users with low privileges (plain users in the realm) are able to use administrative functionality within the Keycloak admin interface. This issue presents a significant security risk because it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

Acknowledgements: Special thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.
