CVE-2024-10973 - Cleartext Transmission of Sensitive Information in org.keycloak:keycloak-quarkus-server
org.keycloak:keycloak-quarkus-server
Introduced through: org.keycloak:[email protected] › org.keycloak:[email protected]
Overview
Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the improper handling of the KC_CACHE_EMBEDDED_MTLS_ENABLED environment option. This option is ignored, causing JGroups configuration for Infinispan clusters to be visible in plain text. An attacker can read sensitive information by accessing adjacent networks related to JGroups.
Remediation
A fix was pushed into the master branch but not yet published.