Security Advisories

CVE-2024-4540

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-4540

CGA ID

CGA-mpfw-r73p-h6vx

Severity

7.5

High

CVSS V3

Summary

Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)

Description

A flaw was found in Keycloak's handling of OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. This could lead to an information disclosure vulnerability.

References

Affected packages
