{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3656", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-04-11T13:57:15.173Z", "datePublished": "2024-10-09T18:59:11.101Z", "dateUpdated": "2025-09-23T05:04:43.493Z"}, "containers": {"cna": {"title": "Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "24.0.5", "versionType": "semver"}], "packageName": "keycloak", "collectionURL": "https://github.com/keycloak/keycloak", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:build_keycloak:22"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6"]}, {"vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "org.keycloak-keycloak-parent", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:build_keycloak:"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "org.keycloak-keycloak-parent", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "org.keycloak-keycloak-parent", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3572", "name": "RHSA-2024:3572", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3575", "name": "RHSA-2024:3575", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3656", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274403", "name": "RHBZ#2274403", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/advisories/GHSA-2cww-fgmg-4jqc"}], "datePublic": "2024-10-09T18:11:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-04-09T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-10-09T18:11:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Maurizio Agazzini for reporting this issue. Upstream acknowledges the Keycloak project as the original reporter."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-09-23T05:04:43.493Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-09T19:18:03.646470Z", "id": "CVE-2024-3656", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T19:18:12.613Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-14T16:58:52.300Z"}, "references": [{"url": "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/"}, {"url": "https://news.ycombinator.com/item?id=42136000"}, {"url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/"}, {"url": "https://news.ycombinator.com/item?id=42136000"}, {"url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-14T16:58:52.300Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3656", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-09T19:18:03.646470Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T19:18:08.398Z"}}], "cna": {"title": "Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities", "credits": [{"lang": "en", "value": "Red Hat would like to thank Maurizio Agazzini for reporting this issue. Upstream acknowledges the Keycloak project as the original reporter."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "24.0.5", "versionType": "semver"}], "packageName": "keycloak", "collectionURL": "https://github.com/keycloak/keycloak", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:22"], "vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:"], "vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "packageName": "org.keycloak-keycloak-parent", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "packageName": "org.keycloak-keycloak-parent", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "packageName": "org.keycloak-keycloak-parent", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-04-09T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-10-09T18:11:00+00:00", "value": "Made public."}], "datePublic": "2024-10-09T18:11:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3572", "name": "RHSA-2024:3572", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3575", "name": "RHSA-2024:3575", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3656", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274403", "name": "RHBZ#2274403", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/advisories/GHSA-2cww-fgmg-4jqc"}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-09-23T05:04:43.493Z"}, "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}}, "cveMetadata": {"cveId": "CVE-2024-3656", "state": "PUBLISHED", "dateUpdated": "2025-09-23T05:04:43.493Z", "dateReserved": "2024-04-11T13:57:15.173Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-10-09T18:59:11.101Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Keycloak. Ciertos endpoints en la API REST de administraci\u00f3n de Keycloak permiten que usuarios con pocos privilegios accedan a funcionalidades administrativas. Esta falla permite que los usuarios realicen acciones reservadas para administradores, lo que puede provocar violaciones de datos o comprometer el sistema."}], "id": "CVE-2024-3656", "lastModified": "2024-12-23T14:15:05.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-10-09T19:15:13.547", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3572"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3575"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-3656"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274403"}, {"source": "secalert@redhat.com", "url": "https://github.com/advisories/GHSA-2cww-fgmg-4jqc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://news.ycombinator.com/item?id=42136000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Maurizio Agazzini for reporting this issue. Upstream acknowledges the Keycloak project as the original reporter.", "affected_release": [{"advisory": "RHSA-2024:3575", "cpe": "cpe:/a:redhat:build_keycloak:22", "product_name": "Red Hat Build of Keycloak", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3572", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "product_name": "Red Hat Single Sign-On 7", "release_date": "2024-06-03T00:00:00Z"}], "bugzilla": {"description": "keycloak: Unguarded admin REST API endpoints allows low privilege users to use administrative functionalities", "id": "2274403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274403"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.", "A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-3656", "package_state": [{"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2024-10-09T18:11:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3656\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3656\nhttps://github.com/advisories/GHSA-2cww-fgmg-4jqc"], "statement": "Red Hat has evaluated this vulnerability. This affects only Keycloak server and no Keycloak clients library ship the affected code.", "threat_severity": "Important"}