CVE-2024-4540
PUBLISHED
A vulnerability exists in Red Hat Single Sign-On and Keycloak. The flaw is in the OAuth 2.0 Pushed Authorization Requests (PAR) component, where sensitive data is stored in plaintext in the HTTP response. A remote, anonymous attacker can exploit this vulnerability to disclose confidential information.
Risk Scores
EPSS Score
0.31%
54.2th percentile
Timeline
- Jun 3, 2024 CVE Published
- Jun 4, 2024 EPSS Score
- Jun 28, 2024 EPSS Score
- Jul 21, 2024 EPSS Score
- Aug 14, 2024 EPSS Score
- Sep 6, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 22, 2024 EPSS Score
- Nov 14, 2024 EPSS Score
- Dec 8, 2024 EPSS Score
- Jan 1, 2025 EPSS Score
- Jan 24, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1279.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1279 advisory
- https://access.redhat.com/errata/RHSA-2024:3566 advisory
- https://access.redhat.com/errata/RHSA-2024:3567 advisory
- https://access.redhat.com/errata/RHSA-2024:3570 advisory
- https://access.redhat.com/errata/RHSA-2024:3572 advisory
- https://access.redhat.com/errata/RHSA-2024:3573 advisory
- https://access.redhat.com/errata/RHSA-2024:3574 advisory
- https://access.redhat.com/errata/RHSA-2024:3575 advisory
- https://access.redhat.com/errata/RHSA-2024:3576 advisory