Cyber Resilience

CVE-2024-4629

Medium

Published: 03 September 2024

Modified: 21 November 2024
KEV Added: none (not in the CISA KEV catalog)
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
EPSS Score: 0.0044 (63.8th percentile)
Risk Priority: 13 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-4629 is a medium-severity Improper Enforcement of a Single, Unique Action (CWE-837) vulnerability in Red Hat Enterprise Linux. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks in the top 36.2% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Vulnerability details

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.

CWE(s)

CWE-837: Improper Enforcement of a Single, Unique Action
Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

redhat / keycloak: ≤ 24.0.3
redhat / build of keycloak: 22.0 — 22.012
redhat / single sign-on: all versions · 7.6 — 7.6.10
redhat / openshift container platform: 4.11, 4.12
redhat / openshift container platform for linuxone: 4.10, 4.9
redhat / openshift container platform for power: 4.10, 4.9
redhat / openshift container platform ibm z systems: 4.10, 4.9

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.