CVE-2024-4540

{"id": "CVE-2024-4540", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-06-03T16:15:08.993", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3566", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3567", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3568", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3570", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3572", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3573", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3574", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3575", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3576", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-4540", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3566", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3567", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3568", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3570", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3572", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3573", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3574", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3575", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3576", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-4540", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Keycloak en las solicitudes de autorizaci\u00f3n push (PAR) de OAuth 2.0. Se descubri\u00f3 que los par\u00e1metros proporcionados por el cliente estaban incluidos en texto plano en la cookie KC_RESTART devuelta por la respuesta HTTP del servidor de autorizaci\u00f3n a una solicitud de autorizaci\u00f3n `request_uri`, lo que posiblemente conduzca a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2024-11-21T09:43:04.063", "sourceIdentifier": "secalert@redhat.com"}