Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS0yY3d3LWZnbWctNGpxY84AA88y

Keycloak's admin API allows low privilege users to use administrative functions

Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

Acknowledgements:
Special thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.

Permalink: https://github.com/advisories/GHSA-2cww-fgmg-4jqc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yY3d3LWZnbWctNGpxY84AA88y
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: 3 months ago

CVSS Score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Identifiers: GHSA-2cww-fgmg-4jqc, CVE-2024-3656
References:

• https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc
• https://github.com/keycloak/keycloak/commit/d9f0c84b797525eac55914db5f81a8133ef5f9b1
• https://github.com/advisories/GHSA-2cww-fgmg-4jqc

Repository: https://github.com/keycloak/keycloak
Blast Radius: 22.3

Affected Packages