VYPR
Low severity (CVSS 2.7) · GHSA Advisory · Published Jun 18, 2024 · Updated Apr 15, 2026

CVE-2024-5967

Description

A vulnerability was found in Keycloak. The LDAP testing endpoint allows the Connection URL to be changed independently, without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (the manage-realm permission) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server then connects to that host and attempts to authenticate with the stored credentials, leaking them to the attacker. As a consequence, an attacker who has compromised the admin console, or a user with sufficient privileges, can leak domain credentials and attack the domain.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                 Ecosystem   Affected versions      Patched versions
org.keycloak:keycloak-ldap-federation   Maven       >= 25.0.0, < 25.0.1    25.0.1
org.keycloak:keycloak-ldap-federation   Maven       < 22.0.12              22.0.12
org.keycloak:keycloak-ldap-federation   Maven       >= 23.0.0, < 24.0.6    24.0.6
