Bug 2311641 (CVE-2024-8698)
| Summary: | CVE-2024-8698 keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | asoldano, bbaranow, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, dpalmer, drichtar, fjuma, istudens, ivassile, iweiss, jkoops, lgao, mosmerov, msochure, msvehla, nwallace, pdrozd, peholase, pesilva, pjindal, pmackay, pskopek, rmartinc, rowaters, rstancel, security-response-team, smaestri, sthorger, tom.jenkinson |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Deadline: | 2024-09-19 | | |
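The Doc Text above contrasts two ways of deciding what a SAML `ds:Signature` covers: where the signature element sits in the document, versus what its `ds:Reference` URI resolves to. The Python script below is an added illustration of that distinction and is not Keycloak's `XMLSignatureUtil` code or its fix; the XML samples, IDs and function names are constructed for the example. It resolves the scope of each signature both ways and reports when the two views disagree, which is exactly the situation a validator must decide by the Reference and never by position. Digest and signature verification are assumed to happen separately and are not performed here.

```python
# Added illustration for the flaw described in the Doc Text; this is NOT
# Keycloak's XMLSignatureUtil code. It contrasts deciding a ds:Signature's
# scope from its position in the document with deciding it from the
# ds:Reference URI, which names what the digest actually covers.
# Cryptographic verification of DigestValue/SignatureValue is assumed to
# happen elsewhere; this script only resolves scope.
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SIGNATURE = f"{{{DS}}}Signature"
REFERENCE = f"{{{DS}}}Reference"
RESPONSE = f"{{{SAMLP}}}Response"
ASSERTION = f"{{{SAML}}}Assertion"


def scope_by_position(root):
    """Position-based heuristic: a Signature is taken to cover whatever
    element it is a direct child of. This is the reasoning the Doc Text
    describes as incorrect; it is shown here only for comparison."""
    parent_of = {child: parent for parent in root.iter() for child in parent}
    return [(parent_of[sig].tag, parent_of[sig].get("ID"))
            for sig in root.iter(SIGNATURE) if sig in parent_of]


def scope_by_reference(root):
    """Reference-based scope: resolve each ds:Reference URI to the element
    carrying that ID. URI="" is the XMLDSig convention for the whole
    document, i.e. the root element."""
    by_id = {el.get("ID"): el for el in root.iter() if el.get("ID")}
    covered = []
    for sig in root.iter(SIGNATURE):
        for ref in sig.iter(REFERENCE):
            uri = ref.get("URI", "")
            if uri == "":
                covered.append((root.tag, root.get("ID")))
            elif uri.startswith("#") and uri[1:] in by_id:
                target = by_id[uri[1:]]
                covered.append((target.tag, target.get("ID")))
            else:
                # External or dangling reference: it proves nothing about
                # this document, so record it as unresolved.
                covered.append(("unresolved", uri))
    return covered


def check_signature_scope(xml_text):
    """Return both views and whether they agree. A validator must answer
    "is the whole Response signed?" from the Reference view alone."""
    root = ET.fromstring(xml_text)
    by_pos = scope_by_position(root)
    by_ref = scope_by_reference(root)
    return {
        "by_position": by_pos,
        "by_reference": by_ref,
        "consistent": set(by_pos) == set(by_ref),
        "response_signed": any(tag == RESPONSE for tag, _ in by_ref),
    }


# Constructed sample: the Signature sits directly under the Response, but
# its Reference points at the Assertion. Position says "whole Response is
# signed"; the Reference says only the Assertion is.
SAMPLE_MISMATCH = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    xmlns:ds="{DS}" ID="_resp1" Version="2.0">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="#_assert1"><ds:DigestValue>constructed</ds:DigestValue></ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>constructed</ds:SignatureValue>
  </ds:Signature>
  <saml:Assertion ID="_assert1" Version="2.0"/>
</samlp:Response>"""

# Constructed sample where both views agree: the Reference names the Response.
SAMPLE_CONSISTENT = SAMPLE_MISMATCH.replace('URI="#_assert1"', 'URI="#_resp1"')

if __name__ == "__main__":
    for name, doc in (("mismatch", SAMPLE_MISMATCH), ("consistent", SAMPLE_CONSISTENT)):
        print(name, check_signature_scope(doc))
```

The `response_signed` flag is the value a validator should act on: it is true only when a Reference resolves to the Response element itself. Whether a Signature happens to be a child of the Response says nothing about what was digested, so `by_position` must never feed that decision.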
Description
OSIDB Bzimport
2024-09-11 13:13:17 UTC
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2024:6878 https://access.redhat.com/errata/RHSA-2024:6878
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2024:6879 https://access.redhat.com/errata/RHSA-2024:6879
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2024:6880 https://access.redhat.com/errata/RHSA-2024:6880
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2024:6882 https://access.redhat.com/errata/RHSA-2024:6882
This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2024:6886 https://access.redhat.com/errata/RHSA-2024:6886
This issue has been addressed in the following products: Red Hat build of Keycloak 22 Via RHSA-2024:6888 https://access.redhat.com/errata/RHSA-2024:6888
This issue has been addressed in the following products: Red Hat build of Keycloak 22 Via RHSA-2024:6890 https://access.redhat.com/errata/RHSA-2024:6890
This issue has been addressed in the following products: Red Hat build of Keycloak 22 Via RHSA-2024:6887 https://access.redhat.com/errata/RHSA-2024:6887
This issue has been addressed in the following products: Red Hat build of Keycloak 24 Via RHSA-2024:6889 https://access.redhat.com/errata/RHSA-2024:6889
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Via RHSA-2024:8824 https://access.redhat.com/errata/RHSA-2024:8824
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Via RHSA-2024:8823 https://access.redhat.com/errata/RHSA-2024:8823
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2024:8826 https://access.redhat.com/errata/RHSA-2024:8826