DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-3656

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-3656

CGA ID

CGA-4qmx-6685-qc88

Severity

8.1

High

CVSS V3

Summary

Keycloak's admin API allows low privilege users to use administrative functions

Description

Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

Acknowledgements: Special thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images