High severityGHSA Advisory· Published Nov 25, 2024· Updated Jan 30, 2025
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
CVE-2024-10039
Description
A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.keycloak:keycloak-coreMaven | < 26.0.6 | 26.0.6 |
Affected products
28- osv-coords27 versionspkg:apk/chainguard/keycloakpkg:apk/chainguard/keycloak-bitnami-compatpkg:apk/chainguard/keycloak-bitnami-fipspkg:apk/chainguard/keycloak-compatpkg:apk/chainguard/keycloak-config-clipkg:apk/chainguard/keycloak-config-cli-bitnami-compatpkg:apk/chainguard/keycloak-config-cli-compatpkg:apk/chainguard/keycloak-config-cli-iamguarded-compatpkg:apk/chainguard/keycloak-fipspkg:apk/chainguard/keycloak-fips-bitnami-compatpkg:apk/chainguard/keycloak-fips-policy-140-2pkg:apk/chainguard/keycloak-fips-policy-140-3pkg:apk/chainguard/keycloak-iamguarded-compatpkg:apk/chainguard/keycloak-iamguarded-fipspkg:apk/chainguard/keycloak-operatorpkg:apk/chainguard/keycloak-operator-compatpkg:apk/wolfi/keycloakpkg:apk/wolfi/keycloak-bitnami-compatpkg:apk/wolfi/keycloak-compatpkg:apk/wolfi/keycloak-config-clipkg:apk/wolfi/keycloak-config-cli-bitnami-compatpkg:apk/wolfi/keycloak-config-cli-compatpkg:apk/wolfi/keycloak-config-cli-iamguarded-compatpkg:apk/wolfi/keycloak-iamguarded-compatpkg:apk/wolfi/keycloak-operatorpkg:apk/wolfi/keycloak-operator-compatpkg:maven/org.keycloak/keycloak-core
< 26.0.6-r0+ 26 more
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6-r0
- (no CPE)range: < 26.0.6
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.