Created on 2024-11-22 09:53 and updated on 2024-11-22 09:53.
Description
Keycloak release 26.0.6 includes fixes for five vulnerabilities:
- GitHub Issue #35213 CVE-2024-10451 Sensitive Data Exposure in Keycloak Build Process
- GitHub Issue #35214 CVE-2024-10270 Potential Denial of Service
- GitHub Issue #35215 CVE-2024-10492 Keycloak path traversal
- GitHub Issue #35216 CVE-2024-9666 Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
- GitHub Issue #35217 CVE-2024-10039 Bypassing mTLS validation
For more details: https://github.com/keycloak/keycloak/releases/tag/26.0.6
Vulnerabilities included in this bundle
Author
Alexandre Dulaunoy
Combined sightings
Author | Vulnerability | Source | Type | Date |
---|---|---|---|---|
automation | CVE-2024-9666 | https://infosec.exchange/users/cve/statuses/113542430003456592 | seen | 4 months ago |
automation | CVE-2024-10492 | https://infosec.exchange/users/cve/statuses/113542463875418232 | seen | 4 months ago |
automation | CVE-2024-10270 | https://infosec.exchange/users/cve/statuses/113542463845335027 | seen | 4 months ago |
automation | CVE-2024-10451 | https://infosec.exchange/users/cve/statuses/113542463860675737 | seen | 4 months ago |