CVE-2024-5967

CVSS v3 Score: 2.7 (Low)

Vulnerability Description

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL on its own, without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (the manage-realm permission) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console, or compromised a user with sufficient privileges, can leak domain credentials and attack the domain.

CVSS:2.7(Low)

In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions.

CVSS:2.7(Low)

In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.

CVSS:2.8(Low)

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.

CVSS:2.8(Low)

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation p...

CVSS:2.5(Low)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Ent...

CVSS:2.5(Low)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Ent...