CVE-2024-3656
Java vulnerability analysis and mitigation

Overview

A high-severity vulnerability (CVE-2024-3656) was discovered in Keycloak, affecting all versions prior to 24.0.5. The vulnerability allows low-privilege users to access administrative functionalities through certain endpoints in Keycloak's admin REST API. This flaw was discovered by security researcher Maurizio Agazzini and was assigned a CVSS score of 8.1 (Red Hat CVE, NVD).

Technical details

The vulnerability exists within specific endpoints of Keycloak's admin REST API. The affected endpoints include /admin/realms/myrealm/client-registration-policy/providers, /admin/myrealm/console/whoami, and /admin/realms/myrealm/testLDAPConnection (where myrealm stands for the realm name). Of particular concern is the testLDAPConnection functionality, which could allow attackers to modify application data and submit LDAP credentials to malicious endpoints. To exploit this vulnerability, an attacker needs access to a non-administrative user account and knowledge of the componentId of the LDAP user-federation component, which can be retrieved from KEYCLOAK_SESSION cookies and whoami endpoint responses (HN Security).
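Because the three endpoints named above are the observable surface of this flaw, a defender's first step is usually to find out who has been calling them. The script below is an added example, not code from Keycloak or from the researchers cited on this page. It assumes the requests are visible in a reverse proxy's access log in the common "combined" format (Keycloak itself does not produce such a log by default; adapt the LOG_LINE regex to your proxy). The realm segment of each path is treated as a wildcard so that any realm matches. The sample log lines are constructed for the example, using documentation IP ranges.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Endpoint shapes from the advisory text; the realm path segment is a wildcard.
AFFECTED_ENDPOINTS = {
    "client-registration-policy": re.compile(r"^/admin/realms/[^/]+/client-registration-policy/providers$"),
    "whoami": re.compile(r"^/admin/[^/]+/console/whoami$"),
    "testLDAPConnection": re.compile(r"^/admin/realms/[^/]+/testLDAPConnection$"),
}

# Rough triage weight per endpoint: whoami is hit constantly by legitimate
# admin-console sessions, testLDAPConnection almost never outside LDAP setup.
SEVERITY = {"testLDAPConnection": "high", "client-registration-policy": "medium", "whoami": "low"}

# Assumed combined/common log format of a reverse proxy in front of Keycloak.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass
class Hit:
    ip: str
    timestamp: str
    method: str
    path: str
    status: int
    endpoint: str
    severity: str


def classify_path(path: str) -> Optional[str]:
    """Return the affected-endpoint name a request path matches, or None."""
    path = path.split("?", 1)[0]          # ignore any query string
    for name, pattern in AFFECTED_ENDPOINTS.items():
        if pattern.match(path):
            return name
    return None


def scan_access_log(lines: List[str]) -> List[Hit]:
    """Parse access-log lines and keep only requests to the affected endpoints.
    Unparseable lines are skipped rather than aborting the scan."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        name = classify_path(m["path"])
        if name is None:
            continue
        hits.append(Hit(m["ip"], m["ts"], m["method"], m["path"],
                        int(m["status"]), name, SEVERITY[name]))
    return hits


def summarize(hits: List[Hit]) -> Dict[str, Dict[str, int]]:
    """Count hits per source IP and endpoint, e.g. {'203.0.113.7': {'whoami': 1}}.
    An IP that touches all three endpoints in sequence deserves a closer look."""
    report: Dict[str, Dict[str, int]] = {}
    for h in hits:
        report.setdefault(h.ip, {})
        report[h.ip][h.endpoint] = report[h.ip].get(h.endpoint, 0) + 1
    return report


# Constructed sample log lines (not real traffic); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Jun/2024:10:01:02 +0000] "GET /admin/myrealm/console/whoami HTTP/1.1" 200 312',
    '203.0.113.7 - - [11/Jun/2024:10:01:05 +0000] "GET /admin/realms/myrealm/client-registration-policy/providers HTTP/1.1" 200 1204',
    '203.0.113.7 - - [11/Jun/2024:10:01:09 +0000] "POST /admin/realms/myrealm/testLDAPConnection HTTP/1.1" 204 0',
    '198.51.100.4 - - [11/Jun/2024:10:02:00 +0000] "GET /realms/myrealm/protocol/openid-connect/auth?client_id=app HTTP/1.1" 302 0',
    '198.51.100.4 - - [11/Jun/2024:10:02:30 +0000] "GET /admin/realms/myrealm/users HTTP/1.1" 403 0',
    'this line is deliberately malformed and must be skipped',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f"[{hit.severity:6}] {hit.ip} {hit.method} {hit.path} -> {hit.status}")
    print(summarize(scan_access_log(SAMPLE_LOG)))
```

A hit on whoami alone is normal console traffic; what makes the sample source stand out is the whoami, providers and testLDAPConnection sequence from one address within seconds, which is why the summary is keyed by IP rather than by endpoint. To tie a hit to an account, correlate the timestamp with Keycloak's own event log, since the proxy log does not carry the username.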

Impact

The vulnerability enables unauthorized users to perform administrative actions, potentially leading to data breaches and system compromise. Where Active Directory (AD) or other LDAP authentication is configured, attackers can modify application data and potentially steal LDAP credentials by redirecting them to attacker-controlled servers (Security Online).

Mitigation and workarounds

The vulnerability has been patched in Keycloak version 24.0.5. Organizations using affected versions are strongly urged to upgrade to the patched version immediately. Red Hat has also released security updates for their build of Keycloak to address this vulnerability (Red Hat Advisory).
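Since the only fix is the upgrade, the practical question is which instances in an estate still run a version below 24.0.5. The helper below is an added example, not code from Keycloak or Red Hat. It compares version strings numerically, which matters because a plain string comparison would wrongly treat 24.0.10 as older than 24.0.5. The inventory dictionary is constructed for the example; in practice the version usually comes from a deployment manifest, a container image tag or the admin API's server-info response. The assumed response shape (a systemInfo.version field) is an assumption of this example and should be checked against your Keycloak release.

```python
import re
from typing import Dict, Optional, Tuple

FIXED_VERSION = (24, 0, 5)   # first release containing the fix, per the advisory

# Leading dotted numeric part of a version, with an optional "v" prefix.
VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """'24.0.4', 'v24.0.4', '24.0.4-SNAPSHOT' and '24.0.4.Final' all give (24, 0, 4).
    Returns None when no numeric version can be found."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(v: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    return v + (0,) * (n - len(v))


def is_affected(version_text: str) -> Optional[bool]:
    """True if the version is below 24.0.5, False if fixed, None if unparseable
    (an unparseable version should be reviewed by hand, not assumed safe)."""
    v = parse_version(version_text)
    if v is None:
        return None
    n = max(len(v), len(FIXED_VERSION))
    return _pad(v, n) < _pad(FIXED_VERSION, n)


def version_from_server_info(server_info: dict) -> Optional[str]:
    """Pull the version out of a parsed server-info JSON document.
    Assumed shape: {"systemInfo": {"version": "24.0.4"}}."""
    return server_info.get("systemInfo", {}).get("version")


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        status = is_affected(version)
        result[host] = "unknown" if status is None else ("affected" if status else "fixed")
    return result


# Constructed inventory for the example; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "sso-prod-1.example.test": "24.0.4",
    "sso-prod-2.example.test": "24.0.5",
    "sso-legacy.example.test": "22.0.5",
    "sso-canary.example.test": "25.0.1",
    "sso-mystery.example.test": "unknown-build",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:28} {SAMPLE_INVENTORY[host]:14} {status}")
```

The check treats every release below 24.0.5 as affected, which is exactly what the advisory states, so older streams such as 22.x and 23.x are reported as affected rather than skipped. Hosts running a Red Hat build should be checked against the Red Hat advisory instead, since those builds carry their own version and errata numbering.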

Community reactions

The security community expressed concern about the lengthy response time to this vulnerability. The issue was first reported on April 4, 2024, but the fix was not published until June 11, 2024. This delay in addressing a critical security vulnerability in a widely used authentication system has raised questions about the project's security response capabilities (HN Security).

This report was generated using AI.
