Security Advisory

CVE-2024-4540

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-06-03 15:33:18

Last updated 2026-03-26 23:13:49

Assigner redhat

State PUBLISHED

Description

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization servers HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.

← Browse all CVEs View on cve.org ↗