A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request, possibly leading to an information disclosure vulnerability.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
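As an added audit check that is not part of this advisory and not Keycloak's own code: the Python below takes the Set-Cookie headers of an authorization response plus the parameters the client pushed via PAR, and reports which of those values are readable in cleartext in the KC_RESTART cookie. The sample cookie layout, the realm path and the parameter values are constructed assumptions, not Keycloak's real cookie format.

```python
import base64
import re
from typing import Optional
from urllib.parse import unquote

COOKIE_NAME = "KC_RESTART"


def _b64url_decode(segment: str) -> Optional[bytes]:
    """Best-effort base64url decode of one dot-separated segment; None if not base64url."""
    segment = segment.strip()
    if not segment or not re.fullmatch(r"[A-Za-z0-9_-]+=*", segment):
        return None
    try:
        return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    except ValueError:
        return None


def extract_cookie(set_cookie_headers: list, name: str = COOKIE_NAME) -> Optional[str]:
    """Return the raw value of the named cookie from a list of Set-Cookie header values."""
    for header in set_cookie_headers:
        first = header.split(";", 1)[0]
        if "=" in first:
            key, value = first.split("=", 1)
            if key.strip() == name:
                return value.strip()
    return None


def cookie_views(raw: str) -> list:
    """Readable views of the cookie: raw, URL-decoded, and every base64url-decodable segment."""
    views = [raw, unquote(raw)]
    for segment in unquote(raw).split("."):
        decoded = _b64url_decode(segment)
        if decoded:
            views.append(decoded.decode("utf-8", errors="replace"))
    return views


def find_cleartext_params(set_cookie_headers: list, par_params: dict) -> dict:
    """PAR parameters whose values appear unencrypted somewhere in the KC_RESTART cookie."""
    raw = extract_cookie(set_cookie_headers)
    if raw is None:
        return {}
    views = cookie_views(raw)
    return {k: v for k, v in par_params.items() if any(v in view for view in views)}


# Constructed sample: a fake three-segment token whose middle segment carries two
# client-supplied PAR values unencrypted (assumed layout, NOT Keycloak's real cookie).
_payload = base64.urlsafe_b64encode(
    b'{"state":"xyz123","redirect_uri":"https://app.example/cb"}').decode().rstrip("=")
SAMPLE_HEADERS = [f"KC_RESTART=eyJhbGciOiJIUzI1NiJ9.{_payload}.c2ln; Path=/realms/demo/; HttpOnly"]
SAMPLE_PAR_PARAMS = {"state": "xyz123", "redirect_uri": "https://app.example/cb",
                     "nonce": "nonce-not-stored-in-cookie"}
```

Any non-empty result means a PAR parameter the client expected to stay server-side is recoverable by whoever can read the cookie, which is the condition this advisory describes.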
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Build of Keycloak | RedHat | * | |
| Red Hat build of Keycloak 22 | RedHat | rhbk/keycloak-operator-bundle:22.0.11-2 | * |
| Red Hat build of Keycloak 22 | RedHat | rhbk/keycloak-rhel9:22-15 | * |
| Red Hat build of Keycloak 22 | RedHat | rhbk/keycloak-rhel9-operator:22-18 | * |
| Red Hat build of Keycloak 24 | RedHat | rhbk/keycloak-operator-bundle:24.0.5-2 | * |
| Red Hat build of Keycloak 24 | RedHat | rhbk/keycloak-rhel9:24-10 | * |
| Red Hat build of Keycloak 24 | RedHat | rhbk/keycloak-rhel9-operator:24-10 | * |
| Red Hat Single Sign-On 7 | RedHat | * | |
| Red Hat Single Sign-On 7.6 for RHEL 7 | RedHat | rh-sso7-keycloak-0:18.0.14-1.redhat_00001.1.el7sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 8 | RedHat | rh-sso7-keycloak-0:18.0.14-1.redhat_00001.1.el8sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 9 | RedHat | rh-sso7-keycloak-0:18.0.14-1.redhat_00001.1.el9sso | * |
| RHEL-8 based Middleware Containers | RedHat | rh-sso-7/sso76-openshift-rhel8:7.6-49 | * |