CVE-2024-10039
HIGH7.1Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
發布日:2024/11/25修改日:2026/2/4
描述
A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism.
受影響套件(1)
- Maven/org.keycloak:keycloak-corefrom 0, < 26.0.6
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |