CVE-2024-4540
CVSS v3.1
7.5 (High)
EPSS
0.04 % (14th)
Advisories
1
NVD Status
Awaiting Analysis
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri
authorization request, possibly leading to an information disclosure vulnerability.
Weaknesses
- CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
- CVE Status
- PUBLISHED
- NVD Status
- Awaiting Analysis
- CNA
- Red Hat, Inc.
- Published Date
-
2024-06-03 16:15:08
(3 months ago) - Updated Date
-
2024-06-03 23:15:08
(3 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...