We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.
Reserved 2024-11-07 | Published 2024-12-17 | Updated 2024-12-18 | Assigner redhatCleartext Transmission of Sensitive Information
2024-11-07: | Reported to Red Hat. |
2024-11-07: | Made public. |
Red Hat would like to thank philliphnguyen for reporting this issue.
access.redhat.com/security/cve/CVE-2024-10973
bugzilla.redhat.com/show_bug.cgi?id=2324361 (RHBZ#2324361)
Support options