Nixpkgs Security Tracker

Accepted

Permalink CVE-2024-3656

updated 1 year, 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 year, 1 month ago
@LeSuisse accepted 1 year, 1 month ago

Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

Affected products

keycloak

<24.0.5

Red Hat Single Sign-On 7

Red Hat Build of Keycloak

org.keycloak-keycloak-parent

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.0.6
- nixpkgs-unstable 26.0.6
- nixos-unstable-small 26.0.7

Package maintainers

@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>
@talyz Kim Lindberger <kim.lindberger@gmail.com>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.keycloak

Package maintainers