Severity: MEDIUM 6.5

GHSA-pq65-77rc-7r8c

Keycloak has a Time-of-check Time-of-use (TOCTOU) Race Condition

Details

A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to `realm-admin` for all users within the realm, granting them extensive control over the system. The composite role relationship persists even after the attacker's own permissions are revoked and across system reboots.


Affected packages

Maven / org.keycloak:keycloak-server
First affected version: 0; fixed version: 26.6.4
Fix: # pom.xml: bump <version>26.6.4</version> for org.keycloak:keycloak-server

References