How severe is CVE-2024-10451?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-10451?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2024-10451 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as a default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2.

Related Vulnerabilities

CVE-2015-7276

MEDIUM

CVSS:5.9(Medium)

Technicolor C2000T and C2100T uses hard-coded cryptographic keys.

CWE-7982015

CVE-2018-12240

MEDIUM

CVSS:5.9(Medium)

The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihoo...

CWE-7982018

CVE-2018-16546

MEDIUM

CVSS:5.9(Medium)

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging kn...

CWE-7982018

CVE-2018-9073

MEDIUM

CVSS:5.9(Medium)

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised t...

CWE-7982018

CVE-2018-9195

MEDIUM

CVSS:5.9(Medium)

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services...

CWE-7982018

CVE-2019-13399

MEDIUM

CVSS:5.9(Medium)

Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation.

CWE-7982019