1. Home
  2. Vulnerabilities
  3. CVE-2024-4540

CVE-2024-4540

CVSS v3.1 7.5 (High)
75% Progress
EPSS 0.04 % (14th)
0.04% Progress
Advisories 1
NVD Status Awaiting Analysis
Info CVSS EPSS CAPEC References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request, possibly leading to an information disclosure vulnerability.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
Red Hat, Inc.
Published Date
2024-06-03 16:15:08
(3 months ago)
Updated Date
2024-06-03 23:15:08
(3 months ago)