Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2024-10973

created 5 months ago

Keycloak: cli option for encrypted jgroups ignored

A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.

Affected products

keycloak

*
<25.0
<23.0

org.keycloak/keycloak-quarkus-server

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable -
- nixpkgs-unstable 26.3.4

pkgs.terraform-providers.keycloak

None

nixos-unstable -
- nixpkgs-unstable 5.4.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable -
- nixpkgs-unstable 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable -
- nixpkgs-unstable 4.0.0

Package maintainers

@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@leona-ya Leona Maroni <nix@leona.is>