CVE ID: CVE-2024-5967
Bug ID: 2292200
Summary: keycloak: Leak of configured LDAP bind credentials through the Keycloak admin console
Keywords: Security
Status: NEW
Priority: low
Severity: low
Product: Security Response
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Reported: 2024-06-13 12:37 UTC
Modified: 2025-09-03 08:27 UTC
CC List: 12 users

Description:

The LDAP connection-testing endpoint allows the Connection URL to be changed independently of, and without re-entering, the currently configured LDAP bind credentials. An attacker with admin access can change the LDAP host URL to a machine they control. The Keycloak server will then connect to the attacker's host and attempt to authenticate with the stored credentials, thereby leaking them to the attacker. As a consequence, an attacker who has compromised the admin console can obtain domain credentials and go on to attack the domain.

This requires access to the REST endpoint as an admin user with the manage-realm permission.

Version affected: <= 24.0.5

Fixed in:
- Red Hat Single Sign-On via RHSA-2024:6494
- Red Hat Single Sign-On 7.6 for RHEL 7 via RHSA-2024:6493
- Red Hat Single Sign-On 7.6 for RHEL 8 via RHSA-2024:6494
- Red Hat build of Keycloak 22 via RHSA-2024:6501
- Red Hat build of Keycloak 22 via RHSA-2024:6500
- Red Hat Single Sign-On 7.6 for RHEL 9 via RHSA-2024:6495
- RHEL-8 based Middleware Containers via RHSA-2024:6497
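The defensive principle behind this bug is that a stored bind secret must only ever be presented to the endpoint it was configured for. The following added example is illustrative and not Keycloak's own code: the names LdapConfig, TestRequest, BindAttempt, connection_test_before_fix and connection_test_after_fix are hypothetical, and the sample configuration values are constructed. It models a "test connection" endpoint two ways: the pre-fix policy described above, which pairs a caller-supplied URL with the stored credential unconditionally, and a hardened policy that reuses the stored credential only when the requested URL resolves to the same scheme, host and port as the stored configuration, and otherwise demands that the secret be re-entered.

```python
"""Model of a 'test LDAP connection' policy (added example, not Keycloak code).

Hypothetical names: LdapConfig, TestRequest, BindAttempt,
connection_test_before_fix, connection_test_after_fix, BindCredentialRequired.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Default ports used to normalise URLs that omit one.
_DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


@dataclass(frozen=True)
class LdapConfig:
    """Persisted user-federation settings (constructed sample shape)."""
    connection_url: str
    bind_dn: str
    bind_credential: str


@dataclass(frozen=True)
class TestRequest:
    """What the admin console sends to the connection-test endpoint."""
    connection_url: str
    bind_dn: Optional[str] = None
    bind_credential: Optional[str] = None  # None means "reuse the stored secret"


@dataclass(frozen=True)
class BindAttempt:
    """The bind the server would perform: where, as whom, with which secret."""
    target_url: str
    bind_dn: str
    bind_credential: str


class BindCredentialRequired(Exception):
    """Raised instead of sending a stored secret to a host it was not configured for."""


def _endpoint(url: str):
    """Normalise a URL to (scheme, host, port) so equivalent spellings compare equal."""
    p = urlparse(url)
    scheme = (p.scheme or "").lower()
    return scheme, (p.hostname or "").lower(), p.port or _DEFAULT_PORT.get(scheme)


def same_endpoint(url_a: str, url_b: str) -> bool:
    """True when both URLs name the same LDAP server (scheme, host and port)."""
    return _endpoint(url_a) == _endpoint(url_b)


def connection_test_before_fix(stored: LdapConfig, req: TestRequest) -> BindAttempt:
    """Pre-fix behaviour as described in the report: the URL comes from the
    request, the secret falls back to storage, and nothing ties the two together."""
    return BindAttempt(
        target_url=req.connection_url,
        bind_dn=req.bind_dn or stored.bind_dn,
        bind_credential=(req.bind_credential if req.bind_credential is not None
                         else stored.bind_credential),
    )


def connection_test_after_fix(stored: LdapConfig, req: TestRequest) -> BindAttempt:
    """Hardened policy: a stored secret is only ever sent to the stored endpoint."""
    if req.bind_credential is not None:
        # The caller typed a secret; nothing persisted is disclosed by using it.
        return BindAttempt(req.connection_url, req.bind_dn or stored.bind_dn,
                           req.bind_credential)
    if same_endpoint(req.connection_url, stored.connection_url):
        # Same server as configured: reusing the stored secret discloses nothing new.
        return BindAttempt(stored.connection_url, stored.bind_dn, stored.bind_credential)
    raise BindCredentialRequired(
        f"connection URL {req.connection_url!r} differs from the configured "
        f"{stored.connection_url!r}; re-enter the bind credential to test it")


if __name__ == "__main__":
    # Constructed sample values.
    stored = LdapConfig("ldap://ldap.corp.example", "cn=svc,dc=corp,dc=example", "s3cret")
    redirected = TestRequest("ldap://attacker.example")
    print("before fix:", connection_test_before_fix(stored, redirected))
    try:
        connection_test_after_fix(stored, redirected)
    except BindCredentialRequired as exc:
        print("after fix: refused ->", exc)
```

The normalisation in same_endpoint matters: comparing raw strings would let a trivially different spelling of the same server (upper-case host, explicit default port) force a needless re-entry, while comparing only the host would still let a scheme change or a non-default port steer the bind to a different listener.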