{"uuid": "66ddfed7-af68-4a0d-b155-41f99cdedcfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-93WW-43RR-79V3", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3504", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-93ww-43rr-79v3\n\ud83d\udd25 CVSS Score: 7.0 (CVSS_V3)\n\ud83d\udd39 Description: A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism.\n\ud83d\udccf Published: 2024-11-25T19:40:46Z\n\ud83d\udccf Modified: 2025-01-30T17:47:40Z\n\ud83d\udd17 References:\n1. https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3\n2. https://github.com/keycloak/keycloak/issues/35217\n3. https://github.com/keycloak/keycloak", "creation_timestamp": "2025-01-30T18:12:32.000000Z"}