CVE-2024-1722

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-1722	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=2265389	Issue Tracking
https://access.redhat.com/security/cve/CVE-2024-1722	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=2265389	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:keycloak:23.0.5:*:*:*:*:*:*:*

History

14 Feb 2025, 17:24

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://access.redhat.com/security/cve/CVE-2024-1722 -~~	() https://access.redhat.com/security/cve/CVE-2024-1722 - Broken Link
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2265389 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2265389 - Issue Tracking
CPE		cpe:2.3:a:redhat:keycloak:23.0.5:::::::*
First Time		Redhat Redhat keycloak

21 Nov 2024, 08:51

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en Keycloak. En determinadas condiciones, este problema puede permitir que un atacante remoto no autenticado bloquee el inicio de sesión de otras cuentas.
References	~~() https://access.redhat.com/security/cve/CVE-2024-1722 -~~	() https://access.redhat.com/security/cve/CVE-2024-1722 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2265389 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2265389 -

29 Feb 2024, 01:43

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-29 01:43

Updated : 2025-02-14 17:24

NVD link : CVE-2024-1722

Mitre link : CVE-2024-1722

CVE.ORG link : CVE-2024-1722

JSON object : View

Products Affected

redhat

keycloak

CWE

CWE-645

Overly Restrictive Account Lockout Mechanism

NVD-CWE-noinfo

{"id": "CVE-2024-1722", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-02-29T01:43:54.010", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-1722", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265389", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1722", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265389", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-645"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Keycloak. En determinadas condiciones, este problema puede permitir que un atacante remoto no autenticado bloquee el inicio de sesi\u00f3n de otras cuentas."}], "lastModified": "2025-02-14T17:24:40.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:keycloak:23.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C704B9AC-0A6C-4EF1-AA3E-48A2295E9B14"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}