CVE-2024-10492: External Control of File Name or Path
A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.
AI Analysis
Technical Summary
This vulnerability in Keycloak involves external control of file name or path, enabling a privileged user to read sensitive information from Vault files not intended to be accessible in the given context. The attacker must already have high privileges on the Keycloak server to create resources that trigger the vulnerability, such as configuring an LDAP provider and setting up a Vault read file. The exploit only confirms the existence of files rather than exposing their contents. Red Hat has issued security advisories and released fixed Keycloak 24.0.9 images for OpenShift and standalone deployments that resolve this path traversal vulnerability.
Potential Impact
The impact is limited to information disclosure of file existence within Vault files outside the expected context, requiring prior high privileges on the Keycloak server. There is no indication of data modification or denial of service. The CVSS score of 2.7 reflects the low severity and limited scope of this vulnerability.
Mitigation Recommendations
Red Hat has released updated Keycloak 24.0.9 images containing a fix for this vulnerability. Users should apply these official updates as provided in Red Hat advisories RHSA-2024:10175 and RHSA-2024:10176. Before updating, back up existing installations, including configurations and databases. Patch status is confirmed as fixed by Red Hat. No additional mitigation steps are indicated beyond applying the vendor-provided updates.
CVE-2024-10492: External Control of File Name or Path
Description
A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Keycloak involves external control of file name or path, enabling a privileged user to read sensitive information from Vault files not intended to be accessible in the given context. The attacker must already have high privileges on the Keycloak server to create resources that trigger the vulnerability, such as configuring an LDAP provider and setting up a Vault read file. The exploit only confirms the existence of files rather than exposing their contents. Red Hat has issued security advisories and released fixed Keycloak 24.0.9 images for OpenShift and standalone deployments that resolve this path traversal vulnerability.
Potential Impact
The impact is limited to information disclosure of file existence within Vault files outside the expected context, requiring prior high privileges on the Keycloak server. There is no indication of data modification or denial of service. The CVSS score of 2.7 reflects the low severity and limited scope of this vulnerability.
Mitigation Recommendations
Red Hat has released updated Keycloak 24.0.9 images containing a fix for this vulnerability. Users should apply these official updates as provided in Red Hat advisories RHSA-2024:10175 and RHSA-2024:10176. Before updating, back up existing installations, including configurations and databases. Patch status is confirmed as fixed by Red Hat. No additional mitigation steps are indicated beyond applying the vendor-provided updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2024-10-29T13:07:47.731Z
- Cvss Version
- 3.0
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2024:10175","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2024:10176","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2024:10177","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2024:10178","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2024-10492","vendor":"Red Hat"}]
Threat ID: 69136629f922b639ab601295
Added to database: 11/11/2025, 4:36:57 PM
Last enriched: 5/7/2026, 1:43:36 AM
Last updated: 5/9/2026, 8:57:24 AM
Views: 165
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.