CVE-2024-3656 PoC — Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3656.yaml

Associated Vulnerability

Title:Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities (CVE-2024-3656)
Description:A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

Description

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

File Snapshot


 id: CVE-2024-3656

info:
  name: Keycloak < 24.0.5 - Broken Access Control
  author: iamnoooob,rootx

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →