Keycloak Patches CVE-2024-3656 Granting Low-Privilege Users Administrative Access
Keycloak, an open-source identity and access management platform, has released a security update to fix a high-severity vulnerability tracked as CVE-2024-3656 (CVSS score 8.1). The flaw was discovered by Maurizio Agazzini and affects all Keycloak versions before 24.0.5.

The issue lies in the admin REST API endpoints: low-privilege users could exploit them to perform actions, or access information, intended only for administrators. The potential consequences include data breaches, system compromise, and privilege escalation.

To mitigate these risks, it is recommended to update Keycloak to version 24.0.5, monitor logs for unusual requests to the admin API, enforce the principle of least privilege, and stay up to date with Keycloak's security advisories and patches.

CVEs: CVE-2024-3656

[View Article](https://securityonline.info/keycloak-patches-cve-2024-3656-granting-low-privilege-users-administrative-access/)