Red Hat Security Advisory: Red Hat build of Keycloak 24.0.9 Images Update
Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 24.0.9 clusters. This erratum releases new images for Red Hat build of Keycloak 24.0.9 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security fixes: * Sensitive Data Exposure in Keycloak Build Process (CVE-2024-10451) * Keycloak Denial of Service (CVE-2024-10270) * Keycloak path trasversal (CVE-2024-10492) * Keycloak proxy header handling Denial-of-Service (DoS) vulnerability (CVE-2024-9666) * Keycloak TLS passthrough (CVE-2024-10039)
AI Analysis
Technical Summary
This advisory covers security fixes in the Red Hat build of Keycloak 24.0.9 container images and its Operator for OpenShift. The vulnerabilities addressed include CVE-2024-9666, a denial-of-service vulnerability in proxy header handling; CVE-2024-10039 related to TLS passthrough; CVE-2024-10270, a denial-of-service issue; CVE-2024-10451 involving sensitive data exposure in the build process; and CVE-2024-10492, a path traversal vulnerability. These issues affect the authentication server functionality provided by Keycloak in containerized OpenShift environments. The advisory provides updated images to remediate these vulnerabilities aligning with the standalone Keycloak product release.
Potential Impact
The vulnerabilities collectively could allow denial-of-service conditions, exposure of sensitive data during the build process, and unauthorized path traversal within the Keycloak service. These issues impact the security and availability of authentication services managed by Keycloak in OpenShift containerized deployments. No known exploits in the wild have been reported at the time of this advisory. The severity is assessed as high due to the potential impact on authentication service reliability and confidentiality.
Mitigation Recommendations
Red Hat has released updated container images for Keycloak 24.0.9 and the associated Operator that address these vulnerabilities. Users should apply these updated images as soon as possible. Before applying this update, ensure all previously released relevant errata have been applied. Detailed update instructions are available from Red Hat's official documentation at https://access.redhat.com/articles/11258. No additional mitigations are indicated beyond applying the updated images.
Red Hat Security Advisory: Red Hat build of Keycloak 24.0.9 Images Update
Description
Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 24.0.9 clusters. This erratum releases new images for Red Hat build of Keycloak 24.0.9 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security fixes: * Sensitive Data Exposure in Keycloak Build Process (CVE-2024-10451) * Keycloak Denial of Service (CVE-2024-10270) * Keycloak path trasversal (CVE-2024-10492) * Keycloak proxy header handling Denial-of-Service (DoS) vulnerability (CVE-2024-9666) * Keycloak TLS passthrough (CVE-2024-10039)
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers security fixes in the Red Hat build of Keycloak 24.0.9 container images and its Operator for OpenShift. The vulnerabilities addressed include CVE-2024-9666, a denial-of-service vulnerability in proxy header handling; CVE-2024-10039 related to TLS passthrough; CVE-2024-10270, a denial-of-service issue; CVE-2024-10451 involving sensitive data exposure in the build process; and CVE-2024-10492, a path traversal vulnerability. These issues affect the authentication server functionality provided by Keycloak in containerized OpenShift environments. The advisory provides updated images to remediate these vulnerabilities aligning with the standalone Keycloak product release.
Potential Impact
The vulnerabilities collectively could allow denial-of-service conditions, exposure of sensitive data during the build process, and unauthorized path traversal within the Keycloak service. These issues impact the security and availability of authentication services managed by Keycloak in OpenShift containerized deployments. No known exploits in the wild have been reported at the time of this advisory. The severity is assessed as high due to the potential impact on authentication service reliability and confidentiality.
Mitigation Recommendations
Red Hat has released updated container images for Keycloak 24.0.9 and the associated Operator that address these vulnerabilities. Users should apply these updated images as soon as possible. Before applying this update, ensure all previously released relevant errata have been applied. Detailed update instructions are available from Red Hat's official documentation at https://access.redhat.com/articles/11258. No additional mitigations are indicated beyond applying the updated images.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:10175
- Cve Count
- 5
- Additional Cves
- ["CVE-2024-10039","CVE-2024-10270","CVE-2024-10451","CVE-2024-10492"]
- Cvss Version
- null
Threat ID: 6a19feb5e29bf47b500fc508
Added to database: 5/29/2026, 9:01:41 PM
Last enriched: 5/29/2026, 9:05:09 PM
Last updated: 5/31/2026, 4:18:34 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.