A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Tue, 14 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Jan 2025 08:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.
Title Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables
First Time appeared Redhat
Redhat build Keycloak
Redhat jboss Enterprise Application Platform
Redhat jbosseapxp
Weaknesses CWE-526
CPEs cpe:/a:redhat:build_keycloak:26.0
cpe:/a:redhat:build_keycloak:26.0::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8
cpe:/a:redhat:jbosseapxp
Vendors & Products Redhat
Redhat build Keycloak
Redhat jboss Enterprise Application Platform
Redhat jbosseapxp
References
Metrics threat_severity

None

cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

threat_severity

Moderate


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T09:20:05.001Z

Reserved: 2024-11-26T04:36:51.824Z

Link: CVE-2024-11736

cve-icon Vulnrichment

Updated: 2025-01-14T14:44:31.729Z

cve-icon NVD

Status : Received

Published: 2025-01-14T09:15:20.750

Modified: 2025-01-14T09:15:20.750

Link: CVE-2024-11736

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-01-13T13:24:00Z

Links: CVE-2024-11736 - Bugzilla

cve-icon OpenCVE Enrichment

No data.