A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.
rh-sso-7/sso76 Red Hat / RHEL
Fixed in: openshift-rhel8@sha256:509a5c067105e608481b6dbd1d4f25e27dc446420b7830b06bf82981d851ac10_s390x RHSA-2024:3570 Fixed in: openshift-rhel8@sha256:f57c4d020d9186224404fa3ff40dbd09ed4c70de4c94bd281ceabc6e99dbd9d4_amd64 RHSA-2024:3570 Fixed in: openshift-rhel8@sha256:0b4292deba12b39ec2d115323252561da25aff7d2eedfb74b4dc26404eedbb5c_ppc64le RHSA-2024:3570 rh-sso-7/sso76 Rocky
Fixed in: openshift-rhel8@sha256:f57c4d020d9186224404fa3ff40dbd09ed4c70de4c94bd281ceabc6e99dbd9d4_amd64 RHSA-2024:3570 Fixed in: openshift-rhel8@sha256:0b4292deba12b39ec2d115323252561da25aff7d2eedfb74b4dc26404eedbb5c_ppc64le RHSA-2024:3570 Fixed in: openshift-rhel8@sha256:509a5c067105e608481b6dbd1d4f25e27dc446420b7830b06bf82981d851ac10_s390x RHSA-2024:3570 rh-sso7-keycloak Red Hat / RHEL
rh-sso7-keycloak-server Rocky
rh-sso7-keycloak-server Red Hat / RHEL
rhbk/keycloak Rocky
Fixed in: rhel9@sha256:22f396e6089ca6dde477768d6db93601400bca856ef8e40172386a28d27a6d45_s390x RHSA-2024:3576 Fixed in: rhel9-operator@sha256:852808bb948ab47f547d3863f96d165fc38393c6011f5968d66bf14500533a5c_s390x RHSA-2024:3576 Fixed in: rhel9@sha256:27d19c61a24ea38dfb537f89f9b459a1be957554985b489b5387c9d61fb3b271_ppc64le RHSA-2024:3576 Fixed in: rhel9-operator@sha256:57d9fabf4ef5677450af0e834b5d96694803a055514e262f4173118d7bc186f5_ppc64le RHSA-2024:3576 Fixed in: rhel9@sha256:31a6a24fd944d1ad702b29d94fae0f396aec4a53aea785fd726451bf746f38f7_s390x RHSA-2024:3573 Fixed in: rhel9-operator@sha256:84657b43cc9efa38eb3092c3a8af58d65f11d0668ac97239f4f90c1a48312758_s390x RHSA-2024:3573 Fixed in: rhel9@sha256:505d461864d7b1fc31c503eb23a26838f6b3f8968c9f3cbf72dada89d5617e8f_amd64 RHSA-2024:3573 Fixed in: operator-bundle@sha256:029419edb428ff08c96c27985892a532575e1681a0a603a571de7c40ddcb8dc5_amd64 RHSA-2024:3573 Fixed in: rhel9-operator@sha256:424e978364f2873c9b50cab3400bd88f2a41c0bc21efb4c5d84bfc4f644be1b4_amd64 RHSA-2024:3573 Fixed in: rhel9@sha256:bee7dedbcafe6d67b5ca3be404c026740d7f6e659b377d27be60e82d89809290_ppc64le RHSA-2024:3573 Fixed in: rhel9-operator@sha256:3088c5f0f714a1e58455526ffe8ed221fcde410f98c09f001fc87721166f8f16_ppc64le RHSA-2024:3573 Fixed in: rhel9@sha256:cecd857e6417f83d07682b27b6e2c59af661e52ff7d56ee01c84792982472ba9_amd64 RHSA-2024:3576 Fixed in: operator-bundle@sha256:106f2b57139af7135a83d41a1a0c8cf82d7f35ecb539e7d578759ac180ae1f03_amd64 RHSA-2024:3576 Fixed in: rhel9-operator@sha256:85207f0d7f58bdf0e5b12b5b1a6332ef733d6febd9c9c9d3a357d10265ffcc0a_amd64 RHSA-2024:3576 rhbk/keycloak Red Hat / RHEL
Fixed in: rhel9-operator@sha256:57d9fabf4ef5677450af0e834b5d96694803a055514e262f4173118d7bc186f5_ppc64le RHSA-2024:3576 Fixed in: rhel9-operator@sha256:84657b43cc9efa38eb3092c3a8af58d65f11d0668ac97239f4f90c1a48312758_s390x RHSA-2024:3573 Fixed in: rhel9@sha256:505d461864d7b1fc31c503eb23a26838f6b3f8968c9f3cbf72dada89d5617e8f_amd64 RHSA-2024:3573 Fixed in: operator-bundle@sha256:029419edb428ff08c96c27985892a532575e1681a0a603a571de7c40ddcb8dc5_amd64 RHSA-2024:3573 Fixed in: rhel9-operator@sha256:424e978364f2873c9b50cab3400bd88f2a41c0bc21efb4c5d84bfc4f644be1b4_amd64 RHSA-2024:3573 Fixed in: rhel9@sha256:bee7dedbcafe6d67b5ca3be404c026740d7f6e659b377d27be60e82d89809290_ppc64le RHSA-2024:3573 Fixed in: rhel9-operator@sha256:3088c5f0f714a1e58455526ffe8ed221fcde410f98c09f001fc87721166f8f16_ppc64le RHSA-2024:3573 Fixed in: rhel9@sha256:cecd857e6417f83d07682b27b6e2c59af661e52ff7d56ee01c84792982472ba9_amd64 RHSA-2024:3576 Fixed in: operator-bundle@sha256:106f2b57139af7135a83d41a1a0c8cf82d7f35ecb539e7d578759ac180ae1f03_amd64 RHSA-2024:3576 Fixed in: rhel9-operator@sha256:85207f0d7f58bdf0e5b12b5b1a6332ef733d6febd9c9c9d3a357d10265ffcc0a_amd64 RHSA-2024:3576 Fixed in: rhel9@sha256:22f396e6089ca6dde477768d6db93601400bca856ef8e40172386a28d27a6d45_s390x RHSA-2024:3576 Fixed in: rhel9-operator@sha256:852808bb948ab47f547d3863f96d165fc38393c6011f5968d66bf14500533a5c_s390x RHSA-2024:3576 Fixed in: rhel9@sha256:27d19c61a24ea38dfb537f89f9b459a1be957554985b489b5387c9d61fb3b271_ppc64le RHSA-2024:3576 Fixed in: rhel9@sha256:31a6a24fd944d1ad702b29d94fae0f396aec4a53aea785fd726451bf746f38f7_s390x RHSA-2024:3573 Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
Exploitability
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Impact
Confidentiality High
Integrity None
Availability None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.55% probability of exploitation in 30 days
42nd percentile
Moderate risk: more likely to be exploited than 42% of all known CVEs.
Other CWE-312 vulnerabilities, ordered by exploit likelihood. View all
Embed a live status badge for CVE-2024-4540 Markdown
[](https://tridentstack.com/cve/CVE-2024-4540)HTML
<a href="https://tridentstack.com/cve/CVE-2024-4540"><img src="https://tridentstack.com/cve/badge/CVE-2024-4540.svg" alt="CVE-2024-4540"></a>Find and fix vulnerabilities across your fleet TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start free This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-02-25.