🔐 CVE Alert

CVE-2024-5967

LOW 2.7

Keycloak: leak of configured ldap bind credentials through the keycloak admin console

CVSS Score
2.7
EPSS Score
0.1%
EPSS Percentile
33rd

A vulnerability was found in Keycloak. The LDAP test-connection endpoint of the admin console accepts a changed Connection URL without requiring the currently configured LDAP bind credentials to be re-entered; the server silently reuses the stored bind DN and password. An attacker with admin access (the manage-realm permission) can therefore set the Connection URL to a host they control, and Keycloak will connect to that host and attempt a bind with the configured credentials, delivering them to the attacker. Because the bind goes to a server the attacker operates, transport encryption on the LDAP connection does not protect the secret. As a consequence, an attacker who has compromised the admin console, or a user with sufficient privileges, can obtain the directory service account's credentials and use them against the domain.
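The following is an added illustration of the two halves of this issue; it is not Keycloak's code and not the upstream fix. The first part decodes an LDAPv3 simple BindRequest with a minimal BER parser, which is exactly what a rogue LDAP host receives when the test endpoint is pointed at it: the bind DN and the password in the clear. The second part is a defensive check for a test-connection handler that refuses to substitute the stored secret when the target has changed. The masked placeholder value, the field names, the bind DN and the sample bytes are assumptions constructed for this example.

```python
"""Added example for CVE-2024-5967 (not Keycloak's code, not the upstream patch).

Part 1: encode/decode an LDAPv3 simple BindRequest (RFC 4511 BER) to show what
        leaks to an attacker-controlled "Connection URL" host.
Part 2: a test-connection check that refuses to reuse the stored bind secret when
        the connection target differs from the persisted configuration.
"""

SECRET_PLACEHOLDER = "**********"  # assumed masked value the admin UI echoes back


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(content)) + content


def build_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage{messageID, BindRequest{version 3, name, simple password}}."""
    bind = tlv(0x60,                              # [APPLICATION 0] BindRequest
               tlv(0x02, bytes([3]))              # version INTEGER 3
               + tlv(0x04, dn.encode())           # name LDAPDN
               + tlv(0x80, password.encode()))    # authentication: simple [0]
    return tlv(0x30, tlv(0x02, bytes([message_id])) + bind)


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, next_pos) for the BER element starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        pos += 2 + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_request(msg: bytes) -> dict:
    """Decode a BindRequest; simple binds expose the password directly."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, mid, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x60:
        raise ValueError(f"protocolOp 0x{tag:02x} is not a BindRequest")
    _, version, pos = read_tlv(op)
    _, name, pos = read_tlv(op, pos)
    auth_tag, auth, _ = read_tlv(op, pos)
    result = {"message_id": int.from_bytes(mid, "big"),
              "version": int.from_bytes(version, "big"),
              "bind_dn": name.decode()}
    if auth_tag == 0x80:          # simple authentication: clear-text password
        result.update(method="simple", password=auth.decode())
    elif auth_tag == 0xA3:        # [3] SaslCredentials{mechanism, credentials}
        _, mech, _ = read_tlv(auth)
        result.update(method="sasl", mechanism=mech.decode())
    else:
        result["method"] = f"unknown(0x{auth_tag:02x})"
    return result


def check_test_connection(stored: dict, request: dict) -> dict:
    """Return the config a test may use, or raise if it would leak the stored secret.

    The vulnerable behaviour: accept any connectionUrl and substitute the stored
    bindCredential whenever the request carries only the masked placeholder.
    """
    url_changed = request.get("connectionUrl", stored["connectionUrl"]) != stored["connectionUrl"]
    dn_changed = request.get("bindDn", stored["bindDn"]) != stored["bindDn"]
    cred = request.get("bindCredential")
    reuse_stored = cred in (None, "", SECRET_PLACEHOLDER)
    if reuse_stored and (url_changed or dn_changed):
        raise PermissionError("connection target changed; re-enter the bind credential")
    return {"connectionUrl": request.get("connectionUrl", stored["connectionUrl"]),
            "bindDn": request.get("bindDn", stored["bindDn"]),
            "bindCredential": stored["bindCredential"] if reuse_stored else cred}


def would_leak(stored: dict, request: dict) -> bool:
    """True if the hardened check rejects the request (i.e. the old code would leak)."""
    try:
        check_test_connection(stored, request)
        return False
    except PermissionError:
        return True


# Constructed sample: the bind an attacker-controlled host would receive.
SAMPLE_BIND = build_simple_bind(1, "cn=keycloak-svc,ou=svc,dc=example,dc=com", "s3cret!")
STORED = {"connectionUrl": "ldap://dc1.example.com",
          "bindDn": "cn=keycloak-svc,ou=svc,dc=example,dc=com",
          "bindCredential": "s3cret!"}

if __name__ == "__main__":
    print(parse_bind_request(SAMPLE_BIND))
    print(would_leak(STORED, {"connectionUrl": "ldap://attacker.example",
                              "bindCredential": SECRET_PLACEHOLDER}))
```

The detection signal follows from the same observation: a bind from the Keycloak host to any LDAP endpoint other than the configured directory, or an admin-console event that changes the LDAP component's Connection URL, is worth alerting on.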

CWE CWE-276
Published Jun 18, 2024
Last Updated Mar 26, 2026

CVSS v3.1 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Affected Versions

Red Hat / Red Hat Build of Keycloak
All versions affected
Red Hat / Red Hat build of Keycloak 22
All versions affected
Red Hat / Red Hat Single Sign-On 7
All versions affected
Red Hat / Red Hat Single Sign-On 7.6 for RHEL 7
All versions affected
Red Hat / Red Hat Single Sign-On 7.6 for RHEL 8
All versions affected
Red Hat / Red Hat Single Sign-On 7.6 for RHEL 9
All versions affected
Red Hat / RHEL-8 based Middleware Containers
All versions affected

References

NVD · CVE.org · EPSS Data
https://access.redhat.com/errata/RHSA-2024:6493
https://access.redhat.com/errata/RHSA-2024:6494
https://access.redhat.com/errata/RHSA-2024:6495
https://access.redhat.com/errata/RHSA-2024:6497
https://access.redhat.com/errata/RHSA-2024:6499
https://access.redhat.com/errata/RHSA-2024:6500
https://access.redhat.com/errata/RHSA-2024:6501
https://access.redhat.com/security/cve/CVE-2024-5967
https://bugzilla.redhat.com/show_bug.cgi?id=2292200

Credits

Upstream acknowledges Simon Wessling as the original reporter.