CVE-2024-11736

MEDIUM

Keycloak < 26.0.8 - Authenticated Sensitive Information Exposure via URL Placeholder Injection

Title source: llm
STIX 2.1

Description

A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.

References (4)

Core 4
Core References
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2328850
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:0299
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:0300
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-11736

Scores

CVSS v3 4.9
EPSS 0.0002
EPSS Percentile 5.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-526
Status published
Products (7)
org.keycloak/keycloak-quarkus-server 0 - 26.0.8Maven
Red Hat/Red Hat build of Keycloak 26.0 26.0-7
Red Hat/Red Hat build of Keycloak 26.0 26.0-8
Red Hat/Red Hat build of Keycloak 26.0 26.0.8-1
Red Hat/Red Hat JBoss Enterprise Application Platform 8
Red Hat/Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat/RHBK 26.0.8
Published Jan 14, 2025
Tracked Since Feb 18, 2026