cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11736,https://securityvulnerability.io/vulnerability/CVE-2024-11736,Configuration Vulnerability in Keycloak Affects Sensitive Server Information,"A configuration exposure vulnerability has been identified in Keycloak that allows admin users to access sensitive server environment variables and system properties through crafted user-configurable URLs. By manipulating backchannel logout URLs or admin URLs using placeholders like ${env.VARNAME} or ${PROPNAME}, administrators can inadvertently disclose critical server information, as the server processes and substitutes these placeholders with their actual values. This vulnerability poses a significant risk, particularly if the exposed variables contain sensitive data.",Red Hat,"Red Hat Build Of Keycloak 26.0,Rhbk 26.0.8,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack",4.9,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-14T08:36:08.583Z,0
CVE-2024-11734,https://securityvulnerability.io/vulnerability/CVE-2024-11734,Denial of Service Vulnerability in Keycloak by Red Hat,"A vulnerability exists in Keycloak that can be exploited by an administrative user possessing the authority to alter realm settings. By modifying security headers and introducing newline characters, the Keycloak server may attempt to process a request that has already been terminated. This can lead to a denial of service, effectively disrupting the service for users. It is crucial for administrators to be aware of this vulnerability and to apply the necessary mitigations promptly.",Red Hat,"Red Hat Build Of Keycloak 26.0,Rhbk 26.0.8,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack",6.5,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-14T08:35:42.107Z,0