CVE-2024-4028: 
Java vulnerability analysis and mitigation

A vulnerability (CVE-2024-4028) was discovered in Keycloak, identified on April 22, 2024. This security flaw affects the Keycloak admin console functionality, specifically related to the creation of items such as Resources and Permissions. The vulnerability has been classified with a low severity rating (Red Hat CVE, MITRE CVE).

The vulnerability is characterized as a stored Cross-Site Scripting (XSS) issue that manifests when creating new permissions or resources through the Keycloak admin console. The flaw specifically relates to the permission creation functionality where malicious payloads can be injected during the item creation process (Red Hat Bugzilla).

The vulnerability enables a stored XSS attack within the Keycloak admin console. When successfully exploited, it allows malicious payloads to be stored as permissions, which could potentially affect other administrators accessing the console (MITRE CVE).

The vulnerability has been reported and is currently being tracked with a deadline of February 18, 2025. As of now, specific mitigation details or patches have not been publicly released (Red Hat Bugzilla).