Infrastructure and Network

In Traefik versions prior to 2.11.14, prior to 3.0.0 and prior to 3.2.1 a medium severity vulnerability CVE-2024-52003 was detected. This vulnerability allows attackers to provide the X-Forwarded-Prefix header from an untrusted source, leading to potential issues. To address this issue, users must upgrade to Traefik version 2.11.14 or 3.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52003.

In Keycloak versions up to 26.0.2 a medium severity vulnerability CVE-2024-10451 was detected. This vulnerability allows attackers to capture sensitive runtime values, such as passwords, which may be embedded in bytecode during the build process. To address this issue, users must upgrade to Keycloak versions 26.0.6 or 26.0.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10451.

In Keycloak versions prior to 24.0.9, prior to 26.0.6 and 25.0.0 and prior a medium severity vulnerability CVE-2024-9666 was detected. This vulnerability allows attackers to exploit improper handling of proxy headers, leading to costly DNS resolution operations and potential denial of service (DoS). To address this issue, users must upgrade to Keycloak versions 26.0.6 or 24.0.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9666.

In Keycloak versions up to 26.0.6 a low severity vulnerability CVE-2024-10492 was detected. This vulnerability allows attackers with high privileges to confirm the existence of sensitive Vault files by creating resources like an LDAP provider configuration and a Vault read file. To address this issue users must upgrade to Keycloak versions 26.0.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10492.

In Keycloak versions up to 26.0.6 a high severity vulnerability CVE-2024-10270 was detected. This vulnerability allows attackers to trigger a denial of service (DoS) by exhausting system resources due to Regex complexity if untrusted data is passed to the SearchQueryUtils method. To address this issue, users must upgrade to Keycloak versions 26.0.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10270.

In Authentik versions prior to 2024.8.5 a medium severity vulnerability CVE-2024-52307 was detected. This vulnerability allows attackers to brute-force the SECRET_KEY, which secures the /-/metrics/ endpoint, due to a flaw in how comparisons are done. To fix this issue, users need to update to versions 2024.8.5 or 2024.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52307.

In Authentik versions prior to 2024.8.5 a high severity vulnerability CVE-2024-52289 was detected. This vulnerability allows attackers to bypass redirect URI validation and potentially redirect users to malicious websites. To fix this issue, users should upgrade Authentik to versions 2024.8.5 and 2024.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-52289.

In Authentik versions prior to 2024.8.5 a medium severity vulnerability CVE-2024-52287 was detected. This vulnerability allows attackers to obtain OAuth tokens with unauthorized scopes using client_credentials or device_code grants. These tokens could be used to perform malicious actions in trusted systems. To fix this issue, users need to update to versions 2024.8.5 or 2024.10.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-52287.

In Consul Community Edition versions from 1.9.0 to 1.20.0 and Consul Enterprise versions 1.9.0 up to 1.20.0, 1.19.2, 1.18.4, and 1.15.14 a medium severity vulnerability CVE-2024-10005 was detected. This vulnerability allows attackers to bypass HTTP request path-based access controls in Layer 7 (L7) traffic intentions due to inadequate path normalization, potentially enabling unauthorized access to restricted HTTP paths. To fix this issue, users should upgrade Consul Community Edition to version 1.20.1 and Consul Enterprise to version 1.20.1, 1.19.3, 1.18.5, and 1.15.15. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-10005.