Security Advisories

CGA-mpfw-r73p-h6vx

https://images.chainguard.dev/security/CGA-mpfw-r73p-h6vx
Package: keycloak-fips

Latest Update: Fixed

Fixed Version: 25.0.0-r0

Aliases
  • CVE-2024-4540
  • GHSA-69fp-7c8p-crjr

Severity: 7.5 (High, CVSS v3)

Summary

Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)

Description

A flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR) flow. Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. This could lead to an information disclosure vulnerability.
