CNNVD-202602-1637 Information

CNNVD ID

CNNVD-202602-1637

Related CVE

CVE-2025-11537

• CNNVD Published: 2026-02-10

Description (Chinese)

Keycloak是Keycloak开源的一种开源身份和访问管理解决方案。 Keycloak存在安全漏洞，该漏洞源于当日志格式配置为详细用户提供模式时，敏感标头会以明文形式泄露到日志中，可能导致具有日志文件读取权限的攻击者提取凭据并冒充用户，造成账户完全接管。

Description (English)

Keycloak is an open-source identity and access management solution for Keycloak. There is a security loophole in Keycloak, which stems from the fact that when the log format is configured to provide a model for a detailed user, the sensitive header is leaked to the log in an explicit form, which may lead to the attackor with access to the log file to extract the evidence and impersonate the user, resulting in the account being taken over completely.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Keycloak

Published

2026-02-10

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2025-11537 https://bugzilla.redhat.com/show_bug.cgi?id=2402616