Keycloak Security Update Advisory (CVE-2024-3656)

Oct 14 2024

Overview

An update has been released to address vulnerabilities in Keycloak. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-3656

Keycloak versions: ~ 24.0.5 (excluded)

Resolved Vulnerabilities

Vulnerability in Keycloak’s Admin REST API on certain endpoints that allows low-privileged users to access administrative functions (CVE-2024-3656)

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available with the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-3656

Keycloak version: 24.0.5

References

[1] CVE-2024-3656 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-3656

[2] Keycloak’s admin API allows low privilege users to use administrative functions

https://github.com/advisories/GHSA-2cww-fgmg-4jqc

Keycloak Security Update Advisory (CVE-2024-3656)

Fortinet Product Security Update Advisory (CVE-2024-23113)

SonicWall Family October 2024 1st Security Update Advisory

Tags:

Fortinet Product Security Update Advisory (CVE-2024-23113)

SonicWall Family October 2024 1st Security Update Advisory