Vulnerability details: VCID-gm3s-z2z6-wuec
Vulnerability ID VCID-gm3s-z2z6-wuec
Aliases CVE-2024-4629
GHSA-8wm9-24qg-m5qj
GHSA-gc7q-jgjv-vjr2
Summary A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (4)
System Score Found at
cvssv3.1 7.1 https://access.redhat.com/errata/RHSA-2024:6493
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6493
cvssv3.1 7.1 https://access.redhat.com/errata/RHSA-2024:6494
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6494
cvssv3.1 7.1 https://access.redhat.com/errata/RHSA-2024:6495
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6495
cvssv3.1 7.1 https://access.redhat.com/errata/RHSA-2024:6497
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6497
cvssv3.1 7.1 https://access.redhat.com/errata/RHSA-2024:6499
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6499
cvssv3.1 7.1 https://access.redhat.com/errata/RHSA-2024:6500
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6500
cvssv3.1 7.1 https://access.redhat.com/errata/RHSA-2024:6501
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6501
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json
cvssv3.1 6.5 https://access.redhat.com/security/cve/CVE-2024-4629
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2024-4629
epss 0.00084 https://api.first.org/data/v1/epss?cve=CVE-2024-4629
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2024-4629
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-4629
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2024-4629
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2024-4629
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2024-4629
epss 0.00514 https://api.first.org/data/v1/epss?cve=CVE-2024-4629
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2024-4629
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2024-4629
epss 0.00906 https://api.first.org/data/v1/epss?cve=CVE-2024-4629
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2276761
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2276761
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8wm9-24qg-m5qj
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-gc7q-jgjv-vjr2
cvssv3.1 6.8 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
cvssv3.1 6.5 https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416
generic_textual MODERATE https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416
cvssv3.1 6.5 https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200
generic_textual MODERATE https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200
cvssv3.1 6.5 https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1
generic_textual MODERATE https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1
cvssv3.1 6.5 https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562
generic_textual MODERATE https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562
cvssv3.1 6.5 https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88
generic_textual MODERATE https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88
cvssv3.1 6.5 https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab
generic_textual MODERATE https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab
cvssv3.1 6.5 https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2
generic_textual MODERATE https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2024-4629
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2024-4629
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:6493
https://access.redhat.com/errata/RHSA-2024:6494
https://access.redhat.com/errata/RHSA-2024:6495
https://access.redhat.com/errata/RHSA-2024:6497
https://access.redhat.com/errata/RHSA-2024:6499
https://access.redhat.com/errata/RHSA-2024:6500
https://access.redhat.com/errata/RHSA-2024:6501
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json
https://access.redhat.com/security/cve/CVE-2024-4629
https://api.first.org/data/v1/epss?cve=CVE-2024-4629
https://bugzilla.redhat.com/show_bug.cgi?id=2276761
https://github.com/hnsecurity/vulns/blob/main/HNS-2024-09-Keycloak.md
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416
https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200
https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1
https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562
https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88
https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab
https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2
https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/
cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
cpe:/a:redhat:build_keycloak:22 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:build_keycloak:22::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
cpe:/a:redhat:red_hat_single_sign_on:7.6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
cpe:/a:redhat:rhosemc:1.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
CVE-2024-4629 https://nvd.nist.gov/vuln/detail/CVE-2024-4629
GHSA-8wm9-24qg-m5qj https://github.com/advisories/GHSA-8wm9-24qg-m5qj
GHSA-gc7q-jgjv-vjr2 https://github.com/advisories/GHSA-gc7q-jgjv-vjr2
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:6493
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:6494
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:6495
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:6497
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:6499
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:6500
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:6501
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2024-4629
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2276761
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-4629
Exploit Prediction Scoring System (EPSS)
Percentile 0.25564
EPSS Score 0.00084
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-09-17T19:11:30.125978+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-4629 34.0.1