CVE-2024-11734 Information

Description

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. The attack consists of modifying any of the security headers in the realm settings to insert newlines, which causes the Keycloak server to write to a request that has already been terminated, so that the request fails.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://access.redhat.com/errata/RHSA-2025:0299
https://access.redhat.com/errata/RHSA-2025:0300
https://access.redhat.com/security/cve/CVE-2024-11734
https://bugzilla.redhat.com/show_bug.cgi?id=2328846

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

6.5

Base Severity

MEDIUM
