{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4540", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-05-06T11:02:39.841Z", "datePublished": "2024-06-03T15:33:18.191Z", "dateUpdated": "2025-09-12T20:11:25.640Z"}, "containers": {"cna": {"title": "Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability."}], "affected": [{"repo": "https://github.com/keycloak/keycloak", "versions": [{"status": "unaffected", "version": "d5e82356f90893ca3b308a7e10020103e402369a", "lessThan": "*", "versionType": "git"}], "packageName": "keycloak", "collectionURL": "https://github.com/keycloak/keycloak"}, {"vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "keycloak-core", "cpes": ["cpe:/a:redhat:build_keycloak:22"]}, {"vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "keycloak-core", "cpes": ["cpe:/a:redhat:build_keycloak:22"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "22.0.11-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:22::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "22-15", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:22::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "22-18", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:22::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "24.0.5-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:24::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "24-10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:24::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "24-10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:24::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "keycloak-core", "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-sso7-keycloak", "defaultStatus": "affected", "versions": [{"version": "0:18.0.14-1.redhat_00001.1.el7sso", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-sso7-keycloak", "defaultStatus": "affected", "versions": [{"version": "0:18.0.14-1.redhat_00001.1.el8sso", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-sso7-keycloak", "defaultStatus": "affected", "versions": [{"version": "0:18.0.14-1.redhat_00001.1.el9sso", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rh-sso-7/sso76-openshift-rhel8", "defaultStatus": "affected", "versions": [{"version": "7.6-49", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3566", "name": "RHSA-2024:3566", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3567", "name": "RHSA-2024:3567", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3568", "name": "RHSA-2024:3568", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3570", "name": "RHSA-2024:3570", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3572", "name": "RHSA-2024:3572", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3573", "name": "RHSA-2024:3573", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3574", "name": "RHSA-2024:3574", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3575", "name": "RHSA-2024:3575", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3576", "name": "RHSA-2024:3576", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-4540", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303", "name": "RHBZ#2279303", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-06-03T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-315->CWE-200: Cleartext Storage of Sensitive Information in a Cookie leads to Exposure of Sensitive Information to an Unauthorized Actor", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-05-06T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-06-03T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Manuel Schallar for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-09-12T20:11:25.640Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4540", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T16:13:25.347543Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:53:04.999Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:47.507Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3566", "name": "RHSA-2024:3566", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3567", "name": "RHSA-2024:3567", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3568", "name": "RHSA-2024:3568", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3570", "name": "RHSA-2024:3570", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3572", "name": "RHSA-2024:3572", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3573", "name": "RHSA-2024:3573", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3574", "name": "RHSA-2024:3574", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3575", "name": "RHSA-2024:3575", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3576", "name": "RHSA-2024:3576", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-4540", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303", "name": "RHBZ#2279303", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3566", "name": "RHSA-2024:3566", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3567", "name": "RHSA-2024:3567", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3568", "name": "RHSA-2024:3568", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3570", "name": "RHSA-2024:3570", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3572", "name": "RHSA-2024:3572", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3573", "name": "RHSA-2024:3573", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3574", "name": "RHSA-2024:3574", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3575", "name": "RHSA-2024:3575", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3576", "name": "RHSA-2024:3576", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-4540", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303", "name": "RHBZ#2279303", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:47.507Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4540", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T16:13:25.347543Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T16:13:34.591Z"}}], "cna": {"title": "Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie", "credits": [{"lang": "en", "value": "Red Hat would like to thank Manuel Schallar for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"repo": "https://github.com/keycloak/keycloak", "versions": [{"status": "unaffected", "version": "d5e82356f90893ca3b308a7e10020103e402369a", "lessThan": "*", "versionType": "git"}], "packageName": "keycloak", "collectionURL": "https://github.com/keycloak/keycloak"}, {"cpes": ["cpe:/a:redhat:build_keycloak:22"], "vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "packageName": "keycloak-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:22"], "vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "packageName": "keycloak-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:22::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "versions": [{"status": "unaffected", "version": "22.0.11-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:22::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "versions": [{"status": "unaffected", "version": "22-15", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:22::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "versions": [{"status": "unaffected", "version": "22-18", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:24::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "versions": [{"status": "unaffected", "version": "24.0.5-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:24::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "versions": [{"status": "unaffected", "version": "24-10", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:24::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "versions": [{"status": "unaffected", "version": "24-10", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "packageName": "keycloak-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "versions": [{"status": "unaffected", "version": "0:18.0.14-1.redhat_00001.1.el7sso", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso7-keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:18.0.14-1.redhat_00001.1.el8sso", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso7-keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:18.0.14-1.redhat_00001.1.el9sso", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso7-keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.6-49", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso-7/sso76-openshift-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-05-06T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-06-03T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-06-03T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3566", "name": "RHSA-2024:3566", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3567", "name": "RHSA-2024:3567", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3568", "name": "RHSA-2024:3568", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3570", "name": "RHSA-2024:3570", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3572", "name": "RHSA-2024:3572", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3573", "name": "RHSA-2024:3573", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3574", "name": "RHSA-2024:3574", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3575", "name": "RHSA-2024:3575", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3576", "name": "RHSA-2024:3576", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-4540", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303", "name": "RHBZ#2279303", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-09-12T20:11:25.640Z"}, "x_redhatCweChain": "CWE-315->CWE-200: Cleartext Storage of Sensitive Information in a Cookie leads to Exposure of Sensitive Information to an Unauthorized Actor"}}, "cveMetadata": {"cveId": "CVE-2024-4540", "state": "PUBLISHED", "dateUpdated": "2025-09-12T20:11:25.640Z", "dateReserved": "2024-05-06T11:02:39.841Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-06-03T15:33:18.191Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Keycloak en las solicitudes de autorizaci\u00f3n push (PAR) de OAuth 2.0. Se descubri\u00f3 que los par\u00e1metros proporcionados por el cliente estaban incluidos en texto plano en la cookie KC_RESTART devuelta por la respuesta HTTP del servidor de autorizaci\u00f3n a una solicitud de autorizaci\u00f3n `request_uri`, lo que posiblemente conduzca a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2024-4540", "lastModified": "2024-11-21T09:43:04.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-06-03T16:15:08.993", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3566"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3567"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3568"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3570"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3572"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3573"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3574"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3575"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3576"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-4540"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3566"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3567"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3568"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3570"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3573"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3574"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3575"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3576"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/cve/CVE-2024-4540"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Manuel Schallar for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:3574", "cpe": "cpe:/a:redhat:build_keycloak:22", "package": "keycloak-core", "product_name": "Red Hat Build of Keycloak", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3575", "cpe": "cpe:/a:redhat:build_keycloak:22", "package": "keycloak-core", "product_name": "Red Hat Build of Keycloak", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3573", "cpe": "cpe:/a:redhat:build_keycloak:22::el9", "package": "rhbk/keycloak-operator-bundle:22.0.11-2", "product_name": "Red Hat build of Keycloak 22", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3573", "cpe": "cpe:/a:redhat:build_keycloak:22::el9", "package": "rhbk/keycloak-rhel9:22-15", "product_name": "Red Hat build of Keycloak 22", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3573", "cpe": "cpe:/a:redhat:build_keycloak:22::el9", "package": "rhbk/keycloak-rhel9-operator:22-18", "product_name": "Red Hat build of Keycloak 22", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3576", "cpe": "cpe:/a:redhat:build_keycloak:24::el9", "package": "rhbk/keycloak-operator-bundle:24.0.5-2", "product_name": "Red Hat build of Keycloak 24", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3576", "cpe": "cpe:/a:redhat:build_keycloak:24::el9", "package": "rhbk/keycloak-rhel9:24-10", "product_name": "Red Hat build of Keycloak 24", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3576", "cpe": "cpe:/a:redhat:build_keycloak:24::el9", "package": "rhbk/keycloak-rhel9-operator:24-10", "product_name": "Red Hat build of Keycloak 24", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3572", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "package": "keycloak-core", "product_name": "Red Hat Single Sign-On 7", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3566", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package": "rh-sso7-keycloak-0:18.0.14-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3567", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package": "rh-sso7-keycloak-0:18.0.14-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3568", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-keycloak-0:18.0.14-1.redhat_00001.1.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHSA-2024:3570", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso76-openshift-rhel8:7.6-49", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2024-06-03T00:00:00Z"}], "bugzilla": {"description": "keycloak: exposure of sensitive information in Pushed Authorization Requests (PAR) KC_RESTART cookie", "id": "2279303", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-315->CWE-200", "details": ["A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.", "A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-4540", "public_date": "2024-06-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-4540\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4540"], "threat_severity": "Low"}

{}