Keycloak < 24.0.9, 25.0.x < 26.0.6 Multiple Vulnerabilities

High | Nessus Plugin ID 212078

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The installed version of Keycloak is prior to 24.0.9, or is 25.0.x or later but prior to 26.0.6. It is therefore affected by multiple vulnerabilities as referenced in the advisory.

- Deployments of Keycloak that sit behind a reverse proxy which does not use pass-through TLS termination, and that have mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that relies on mTLS as its authentication mechanism. (CVE-2024-10039)

- If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario in which system resources are exhausted due to regular-expression complexity. (CVE-2024-10270)

- A user with high privileges could read sensitive information from a Vault file that is outside the expected context. The attacker must already have high-privilege access to the Keycloak server in order to create resources, for example an LDAP provider configuration, and to configure a Vault file read, which only reveals whether that file exists or not. (CVE-2024-10492)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade Keycloak to 24.0.9, 26.0.6, or later.

See Also

https://github.com/advisories/GHSA-jgwc-jh89-rpgq

https://github.com/advisories/GHSA-93ww-43rr-79v3

https://github.com/advisories/GHSA-wq8x-cg39-8mrr

https://github.com/advisories/GHSA-5545-r4hg-rj4m

Plugin Details

Severity: High

ID: 212078

File Name: keycloak_26_0_6.nasl

Version: 1.4

Type: local

Agent: unix

Family: Misc.

Published: 12/5/2024

Updated: 12/9/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-10270

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.4

Threat Score: 7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:keycloak:keycloak

Required KB Items: Host/local_checks_enabled, Host/uname

Exploit Ease: No known exploits are available

Patch Publication Date: 11/21/2024

Vulnerability Publication Date: 11/21/2024

Reference Information

CVE: CVE-2024-10039, CVE-2024-10270, CVE-2024-10492, CVE-2024-9666

IAVB: 2024-B-0184