- Description
- A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work, and the JGroups replication configuration is always used in plain text, which can allow an attacker who has access to adjacent networks related to JGroups to read sensitive information.
- Source
- secalert@redhat.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 5.7
- Impact score
- 3.6
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- secalert@redhat.com
- CWE-319
- Hype score
- Not currently trending
CVE-2024-10973 Plain Text JGroups Vulnerability Exposes Sensitive Data in Keycloak A problem was discovered in Keycloak. The setting `KC_CACHE_EMBEDDED_MTLS_ENABLED` doesn't function. Instead, it always uses the ... https://t.co/JBw7OpyhEX
@VulmonFeeds
18 Dec 2024
CVE-2024-10973 A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used … https://t.co/vANVYqcc8L
@CVEnew
17 Dec 2024