[GHSA-c25h-c27q-5qpv] Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

[MarkLee131]

Updates

• Affected products
• References

Comments update the issue for this cve on GitHub: https://github.com/keycloak/keycloak/issues/30434

and 8 patch commits for diverse versions (including backporting): https://github.com/rmartinc/keycloak/commit/02bb60505f8c4472d7564f71a8eb38450f861fd5 https://github.com/rmartinc/keycloak/commit/768f5d1d48a2ad981c08067104c8e10eb433cd6c https://github.com/rmartinc/keycloak/commit/d30512c07aa0f225c30e2c9b49ac16912a91ba13 https://github.com/rmartinc/keycloak/commit/446476adf9ad320278104f38684779d2a83c318a https://github.com/rmartinc/keycloak/commit/81336a510fcd03e804c9140c58ae7c390c0fe098 https://github.com/keycloak/keycloak/commit/bde8568d4174a7072f7c7bb507d2c7d05824b1a6 https://github.com/keycloak/keycloak/commit/1f56a9e48bf96c3bcb18dfc6cd93e3dd16f281f1 https://github.com/keycloak/keycloak/commit/0d0530046b9cb4b0d74d2fdefc9bd04f1d20cac0

The patch commits are all shown in the issue, and commit msgs also show their intention.

[github]

Hi there @rmartinc! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[advisory-database[bot]]

Hi @MarkLee131! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!