CVE-2024-5203
CVE-2024-5203 is a security vulnerability that is still awaiting full analysis and scoring.
Key facts
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-46444
- Published:
- Last modified:
Description
Rejected reason: After careful review of CVE-2024-5203, it has been determined that the issue is not exploitable in real-world scenarios. Moreover, the exploit assumes that the attacker has access to a session code parameter that matches a cookie on the Keycloak server. However the attacker does not have access to the cookie, and can therefore not craft a malicious request.
Frequently asked questions
- What is CVE-2024-5203?
- Rejected reason: After careful review of CVE-2024-5203, it has been determined that the issue is not exploitable in real-world scenarios. Moreover, the exploit assumes that the attacker has access to a session code parameter that matches a cookie on the Keycloak server. However the attacker does not have access to the cookie, and can therefore not craft a malicious request.
- Is CVE-2024-5203 being actively exploited?
- It is not currently listed in CISA's Known Exploited Vulnerabilities catalog, and no EPSS exploit-prediction score is available yet.
- How do I fix CVE-2024-5203?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2024-5203 have an EU (EUVD) identifier?
- Yes. CVE-2024-5203 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-46444.
- When was CVE-2024-5203 published?
- CVE-2024-5203 was published on 2024-06-12 and last updated on 2024-09-13.