VYPR
High severityGHSA Advisory· Published Nov 25, 2024· Updated Jan 30, 2025

Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination

CVE-2024-10039

Description

A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.keycloak:keycloak-coreMaven
< 26.0.626.0.6

Affected products

28

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.