Bug 2328849 (CVE-2024-11735)
Summary: | CVE-2024-11735 org.keycloak:keycloak-quarkus-server: HTTP Metrics explosion | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability-draft | Assignee: | Product Security DevOps Team <prodsec-dev> |
Status: | NEW --- | QA Contact: | |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | unspecified | CC: | asoldano, bbaranow, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, drichtar, fjuma, istudens, ivassile, iweiss, jkoops, lgao, mosmerov, msochure, msvehla, nwallace, pdrozd, peholase, pesilva, pjindal, pmackay, pskopek, rmartinc, rowaters, rstancel, security-response-team, smaestri, sthorger, tom.jenkinson |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | --- | |
Doc Text: | [REJECTED CVE] A potential Denial of Service (DoS) vulnerability has been identified in Keycloak, which could allow any unauthorized user to disrupt the service. An attacker exploiting this issue can cause the Keycloak server to become unresponsive or crash, leading to service disruption for all legitimate users. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Deadline: | 2025-03-28 |
Description
OSIDB Bzimport
2024-11-26 04:27:46 UTC