GHSA-6mpx-pmgp-ww49 – org.keycloak:keycloak-quarkus-server

Package

Manager: maven
Name: org.keycloak:keycloak-quarkus-server
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Keycloak vulnerable to Cleartext Transmission of Sensitive Information # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g6qq-c9f9-2772. This link is maintained to preserve external references. # Original Description A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.

Metadata

Created: 2024-12-18T00:31:23Z
Modified: 2025-02-05T21:16:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-6mpx-pmgp-ww49/GHSA-6mpx-pmgp-ww49.json
CWE IDs: ["CWE-319"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0