CVE-2024-5203

CVE-2024-5203 is a security vulnerability that is still awaiting full analysis and scoring.

Key facts

Description

Rejected reason: After careful review of CVE-2024-5203, it has been determined that the issue is not exploitable in real-world scenarios. Moreover, the exploit assumes that the attacker has access to a session code parameter that matches a cookie on the Keycloak server. However the attacker does not have access to the cookie, and can therefore not craft a malicious request.

Frequently asked questions

What is CVE-2024-5203?
Rejected reason: After careful review of CVE-2024-5203, it has been determined that the issue is not exploitable in real-world scenarios. Moreover, the exploit assumes that the attacker has access to a session code parameter that matches a cookie on the Keycloak server. However the attacker does not have access to the cookie, and can therefore not craft a malicious request.
Is CVE-2024-5203 being actively exploited?
It is not currently listed in CISA's Known Exploited Vulnerabilities catalog, and no EPSS exploit-prediction score is available yet.
How do I fix CVE-2024-5203?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2024-5203 have an EU (EUVD) identifier?
Yes. CVE-2024-5203 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-46444.
When was CVE-2024-5203 published?
CVE-2024-5203 was published on 2024-06-12 and last updated on 2024-09-13.