Search for vulnerabilities
Vulnerability details: VCID-da4z-mr8a-hfek
Vulnerability ID VCID-da4z-mr8a-hfek
Aliases CVE-2024-10039
GHSA-93ww-43rr-79v3
Summary keycloak-core: mTLS passthrough
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-295 Improper Certificate Validation
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-93ww-43rr-79v3
cvssv3.1 7.1 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
cvssv3.1 7.1 https://github.com/keycloak/keycloak/issues/35217
generic_textual HIGH https://github.com/keycloak/keycloak/issues/35217
cvssv3.1 7.1 https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
cvssv3.1_qr HIGH https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
generic_textual HIGH https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/issues/35217
2319217 https://bugzilla.redhat.com/show_bug.cgi?id=2319217
CVE-2024-10039 https://nvd.nist.gov/vuln/detail/CVE-2024-10039
GHSA-93ww-43rr-79v3 https://github.com/advisories/GHSA-93ww-43rr-79v3
GHSA-93ww-43rr-79v3 https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
RHSA-2024:10175 https://access.redhat.com/errata/RHSA-2024:10175
RHSA-2024:10176 https://access.redhat.com/errata/RHSA-2024:10176
RHSA-2024:10177 https://access.redhat.com/errata/RHSA-2024:10177
RHSA-2024:10178 https://access.redhat.com/errata/RHSA-2024:10178
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak/issues/35217
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2024-11-23T10:26:34.794883+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json 35.0.0