Keycloak Patches CVE-2024-3656 Granting Low-Privilege Users Administrative Access
Open-source identity and access management platform Keycloak has released a security update to address a high-severity vulnerability that could allow low-privilege users to gain unauthorized access to administrative functions.
The vulnerability, tracked as CVE-2024-3656 and assigned a CVSS score of 8.1, was discovered by security researcher Maurizio Agazzini. It affects all Keycloak versions prior to 24.0.5.
The flaw exists within certain endpoints of Keycloak’s admin REST API. By exploiting these endpoints, malicious actors with low-level user accounts could potentially execute commands and access sensitive information typically reserved for administrators. This could lead to a range of serious security breaches, including:
- Data breaches: Unauthorized access to sensitive user data, system configurations, and application secrets.
- System compromise: Ability to modify system settings, potentially disrupting services or granting attackers further control over the infrastructure.
- Privilege escalation: Elevating user privileges to gain complete control over the Keycloak server and connected applications.
Keycloak has addressed this vulnerability in version 24.0.5. All users are strongly urged to update their deployments to the latest version immediately.
What can you do?
- Update Keycloak: If you are running a version of Keycloak prior to 24.0.5, upgrade to the patched version as soon as possible.
- Review API activity: Monitor your Keycloak logs for any suspicious API requests, especially from low-privilege accounts.
- Implement least privilege: Ensure users only have the necessary permissions required for their roles.
- Stay informed: Keep up-to-date with the latest security advisories and patches from Keycloak.
By taking swift action, organizations can mitigate the risk posed by CVE-2024-3656 and protect their critical systems and data.
