CVE-2024-10492

LOW Year: 2024
CVSS v3 Score
2.7
Low
Weakness Type
CWE-73
View all →

Vulnerability Description

A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.

Related Vulnerabilities

CVE-2020-5297

LOW
CVSS:2.7(Low)

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff...

CWE-732020

CVE-2024-10672

LOW
CVSS:2.7(Low)

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all...

CWE-732024

CVE-2024-6937

MEDIUM
CVSS:2.7(Low)

A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curl_exec of the file /admin/forms/option_lists/edit.php of the component Im...

CWE-732024

CVE-2025-1911

LOW
CVSS:2.7(Low)

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page...

CWE-732025

CVE-2025-1972

LOW
CVSS:2.7(Low)

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to,...

CWE-732025

CVE-2021-1306

LOW
CVSS:3.4(Low)

A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local at...

CWE-732021