2.7

CVSS Score

3.0

Basic Information

CVE ID

CVE-2024-10492

GHSA ID

GHSA-5545-r4hg-rj4m

EPSS Score

0.0668%

CWE

CWE-73

Published

11/25/2024

Updated

11/25/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-10492

CVE-2024-10492: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path

A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.

(GitHub Advisory)

2.7

CVSS Score

3.0

Basic Information

CVE ID

CVE-2024-10492

GHSA ID

GHSA-5545-r4hg-rj4m

EPSS Score

0.0668%

CWE

CWE-73

Published

11/25/2024

Updated

11/25/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.keycloak:keycloak-quarkus-server	maven	< 24.0.9	26.0.6
org.keycloak:keycloak-quarkus-server	maven	>= 25.0.0, < 26.0.6	26.0.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insufficient validation in key resolution logic. The commit d60cb9a introduced critical fixes: 1) Escaping underscores in KEY_ONLY to prevent resolver conflicts, 2) Path validation in FilesPlainTextVaultProvider to block traversal, and 3) Key sanitization in AbstractVaultProvider. The affected functions handled key resolution without proper path normalization/validation, enabling crafted keys to escape the vault's intended directory structure. Test cases in PlainTextVaultProviderTest confirm scenarios where keys with '../' or unescaped underscores would have been exploitable pre-patch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility w*s *oun* in K*y*lo*k. * us*r wit* *i** privil***s *oul* r*** s*nsitiv* in*orm*tion *rom * V*ult *il* t**t is not wit*in t** *xp**t** *ont*xt. T*is *tt**k*r must **v* pr*vious *i** ****ss to t** K*y*lo*k s*rv*r in or**r to p*r*orm r*s

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt `v*li**tion` in k*y r*solution lo*i*. T** *ommit ******* intro*u*** *riti**l *ix*s: *) *s**pin* un**rs*or*s in `K*Y_ONLY` to pr*v*nt r*solv*r *on*li*ts, *) P*t* `v*li**tion` in `*il*sPl*inT*xtV*ultProvi**r` t

2.7

Basic Information

Concerned about an active attack path?

CVE-2024-10492: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path

2.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI