CVE-2024-10492: 
Java vulnerability analysis and mitigation

A vulnerability (CVE-2024-10492) was discovered in Keycloak that allows unauthorized file access through path traversal in file vault configurations. The vulnerability affects Keycloak versions up to 26.0.2, where a user with high privileges could read sensitive information from a Vault file that is not within the expected context (Red Hat CVE, NVD).

The vulnerability stems from permissive regex validation in file vault configurations. The weakness allows reading any file on the Keycloak server, though the admin user cannot access the actual contents unless they have also compromised the remote system that the password/secret is intended to be sent to. The vulnerability has been assigned a CVSS 3.0 Base Score of 2.7 (LOW) with the vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N (NVD).

The primary impact of this vulnerability is limited to information disclosure, specifically revealing the existence of files on the Keycloak server. The attacker must have previous high access to the Keycloak server to perform resource creation, such as LDAP provider configuration and setting up a Vault read file (Red Hat CVE).

The vulnerability has been patched in multiple versions of Red Hat build of Keycloak, including versions 24.0.9 and 26.0.6. The fix is available through several security advisories: RHSA-2024:10175, RHSA-2024:10176, RHSA-2024:10177, and RHSA-2024:10178. The upstream fix has been implemented in a commit to the Keycloak repository (Bugzilla).