Action not permitted
Modal body text goes here.
CVE-2020-10770
Vulnerability from cvelistv5
Published
2020-12-15 00:00
Modified
2024-08-04 11:14
Severity
Summary
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
References
| Source | URL | Tags |
|---|---|---|
| secalert@redhat.com | http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1846270 | Issue Tracking, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "keycloak",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "keycloak 13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10770",
"datePublished": "2020-12-15T00:00:00",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-10770\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-12-15T20:15:14.853\",\"lastModified\":\"2022-11-10T04:24:27.007\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en Keycloak versiones anteriores a 13.0.0, donde es posible forzar al servidor a llamar a una URL no verificada usando el par\u00e1metro OIDC request_uri.\u0026#xa0;Este fallo permite a un atacante usar este par\u00e1metro para ejecutar un ataque de tipo Server-side request forgery (SSRF)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.0.2\",\"matchCriteriaId\":\"B06C1F35-09FE-443C-A567-8876632EC175\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1846270\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
}
}
rhsa-2021_0320
Vulnerability from csaf_redhat
Published
2021-02-01 13:46
Modified
2024-09-13 22:12
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.4.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: Default Client configuration is vulnerable to SSRF using "request_uri" parameter (CVE-2020-10770)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter (CVE-2020-10770)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0320",
"url": "https://access.redhat.com/errata/RHSA-2021:0320"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index"
},
{
"category": "external",
"summary": "1846270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_0320.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update on RHEL 8",
"tracking": {
"current_release_date": "2024-09-13T22:12:29+00:00",
"generator": {
"date": "2024-09-13T22:12:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2021:0320",
"initial_release_date": "2021-02-01T13:46:56+00:00",
"revision_history": [
{
"date": "2021-02-01T13:46:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-01T13:46:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:12:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.4 for RHEL 8",
"product": {
"name": "Red Hat Single Sign-On 7.4 for RHEL 8",
"product_id": "8Base-RHSSO-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
"product": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
"product_id": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@9.0.11-1.redhat_00001.1.el8sso?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
"product": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
"product_id": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@9.0.11-1.redhat_00001.1.el8sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
"product_id": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@9.0.11-1.redhat_00001.1.el8sso?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.4 for RHEL 8",
"product_id": "8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch"
},
"product_reference": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
"relates_to_product_reference": "8Base-RHSSO-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.4 for RHEL 8",
"product_id": "8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src"
},
"product_reference": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
"relates_to_product_reference": "8Base-RHSSO-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.4 for RHEL 8",
"product_id": "8Base-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
"relates_to_product_reference": "8Base-RHSSO-7.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Lauritz Holtmann"
],
"organization": "Chair for Network and Data Security at Ruhr University Bochum"
}
],
"cve": "CVE-2020-10770",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2020-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1846270"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10770"
},
{
"category": "external",
"summary": "RHBZ#1846270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10770"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770"
}
],
"release_date": "2020-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0320"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter"
}
]
}
rhsa-2021_0318
Vulnerability from csaf_redhat
Published
2021-02-01 13:46
Modified
2024-09-13 22:12
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update on RHEL 6
Notes
Topic
New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.4.5 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: Default Client configuration is vulnerable to SSRF using "request_uri" parameter (CVE-2020-10770)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.5 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter (CVE-2020-10770)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0318",
"url": "https://access.redhat.com/errata/RHSA-2021:0318"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index"
},
{
"category": "external",
"summary": "1846270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_0318.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update on RHEL 6",
"tracking": {
"current_release_date": "2024-09-13T22:12:16+00:00",
"generator": {
"date": "2024-09-13T22:12:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2021:0318",
"initial_release_date": "2021-02-01T13:46:49+00:00",
"revision_history": [
{
"date": "2021-02-01T13:46:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-01T13:46:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:12:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.4 for RHEL 6 Server",
"product": {
"name": "Red Hat Single Sign-On 7.4 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.src",
"product": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.src",
"product_id": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@9.0.11-1.redhat_00001.1.el6sso?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.noarch",
"product": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.noarch",
"product_id": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@9.0.11-1.redhat_00001.1.el6sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el6sso.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el6sso.noarch",
"product_id": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el6sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@9.0.11-1.redhat_00001.1.el6sso?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.noarch as a component of Red Hat Single Sign-On 7.4 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.noarch"
},
"product_reference": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.noarch",
"relates_to_product_reference": "6Server-RHSSO-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.src as a component of Red Hat Single Sign-On 7.4 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.src"
},
"product_reference": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.src",
"relates_to_product_reference": "6Server-RHSSO-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el6sso.noarch as a component of Red Hat Single Sign-On 7.4 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el6sso.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el6sso.noarch",
"relates_to_product_reference": "6Server-RHSSO-7.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Lauritz Holtmann"
],
"organization": "Chair for Network and Data Security at Ruhr University Bochum"
}
],
"cve": "CVE-2020-10770",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2020-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1846270"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.noarch",
"6Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.src",
"6Server-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el6sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10770"
},
{
"category": "external",
"summary": "RHBZ#1846270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10770"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770"
}
],
"release_date": "2020-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.noarch",
"6Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.src",
"6Server-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el6sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0318"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"6Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.noarch",
"6Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el6sso.src",
"6Server-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el6sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter"
}
]
}
rhsa-2021_0327
Vulnerability from csaf_redhat
Published
2021-02-01 18:56
Modified
2024-09-13 22:12
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.4.5 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: special character in query results in server errors (CVE-2020-27782)
* keycloak: Default Client configuration is vulnerable to SSRF using "request_uri" parameter (CVE-2020-10770)
* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
* wildfly: resource adapter logs plaintext JMS password at warning level on connection error (CVE-2020-25640)
* wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller (CVE-2020-25689)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.5 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: special character in query results in server errors (CVE-2020-27782)\n\n* keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter (CVE-2020-10770)\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\n* wildfly: resource adapter logs plaintext JMS password at warning level on connection error (CVE-2020-25640)\n\n* wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller (CVE-2020-25689)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0327",
"url": "https://access.redhat.com/errata/RHSA-2021:0327"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index"
},
{
"category": "external",
"summary": "1846270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"category": "external",
"summary": "1881637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"
},
{
"category": "external",
"summary": "1886587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
},
{
"category": "external",
"summary": "1893070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893070"
},
{
"category": "external",
"summary": "1901304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901304"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_0327.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update",
"tracking": {
"current_release_date": "2024-09-13T22:12:36+00:00",
"generator": {
"date": "2024-09-13T22:12:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2021:0327",
"initial_release_date": "2021-02-01T18:56:14+00:00",
"revision_history": [
{
"date": "2021-02-01T18:56:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-01T18:56:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:12:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.4.5",
"product": {
"name": "Red Hat Single Sign-On 7.4.5",
"product_id": "Red Hat Single Sign-On 7.4.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Lauritz Holtmann"
],
"organization": "Chair for Network and Data Security at Ruhr University Bochum"
}
],
"cve": "CVE-2020-10770",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2020-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1846270"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10770"
},
{
"category": "external",
"summary": "RHBZ#1846270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10770"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770"
}
],
"release_date": "2020-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0327"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter"
},
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-10-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886587"
}
],
"notes": [
{
"category": "description",
"text": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-httpclient: incorrect handling of malformed authority component in request URIs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13956"
},
{
"category": "external",
"summary": "RHBZ#1886587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2020/10/08/4",
"url": "https://www.openwall.com/lists/oss-security/2020/10/08/4"
}
],
"release_date": "2020-10-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0327"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-httpclient: incorrect handling of malformed authority component in request URIs"
},
{
"cve": "CVE-2020-25633",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2020-09-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1879042"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server\u0027s potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25633"
},
{
"category": "external",
"summary": "RHBZ#1879042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25633",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25633"
}
],
"release_date": "2020-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0327"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling"
},
{
"cve": "CVE-2020-25640",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2020-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1881637"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: resource adapter logs plaintext JMS password at warning level on connection error",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25640"
},
{
"category": "external",
"summary": "RHBZ#1881637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25640",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25640"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25640",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25640"
},
{
"category": "external",
"summary": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13",
"url": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13"
}
],
"release_date": "2020-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0327"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: resource adapter logs plaintext JMS password at warning level on connection error"
},
{
"cve": "CVE-2020-25689",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2020-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1893070"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where the host-controller tries to reconnect in a loop, generating new connections that are not properly closed while unable to connect to the domain controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25689"
},
{
"category": "external",
"summary": "RHBZ#1893070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25689",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25689"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25689",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25689"
}
],
"release_date": "2020-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0327"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller"
},
{
"cve": "CVE-2020-27782",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1901304"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: special character in query results in server errors",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27782"
},
{
"category": "external",
"summary": "RHBZ#1901304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901304"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27782"
}
],
"release_date": "2021-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0327"
},
{
"category": "workaround",
"details": "The issue can be mitigated by using HTTP/1.1 instead of AJP to proxy to the back-end.",
"product_ids": [
"Red Hat Single Sign-On 7.4.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: special character in query results in server errors"
},
{
"cve": "CVE-2020-27822",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2020-12-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1904060"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. When an application uses the OpenTracing API\u0027s java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Potential Memory leak in Wildfly when using OpenTracing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27822"
},
{
"category": "external",
"summary": "RHBZ#1904060",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27822",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27822"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/WFLY-14094",
"url": "https://issues.redhat.com/browse/WFLY-14094"
}
],
"release_date": "2020-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0327"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Potential Memory leak in Wildfly when using OpenTracing"
}
]
}
rhsa-2021_0319
Vulnerability from csaf_redhat
Published
2021-02-01 13:47
Modified
2024-09-13 22:12
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.4.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: Default Client configuration is vulnerable to SSRF using "request_uri" parameter (CVE-2020-10770)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter (CVE-2020-10770)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0319",
"url": "https://access.redhat.com/errata/RHSA-2021:0319"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index"
},
{
"category": "external",
"summary": "1846270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_0319.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update on RHEL 7",
"tracking": {
"current_release_date": "2024-09-13T22:12:23+00:00",
"generator": {
"date": "2024-09-13T22:12:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2021:0319",
"initial_release_date": "2021-02-01T13:47:03+00:00",
"revision_history": [
{
"date": "2021-02-01T13:47:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-01T13:47:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T22:12:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat Single Sign-On 7.4 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.src",
"product": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.src",
"product_id": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@9.0.11-1.redhat_00001.1.el7sso?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.noarch",
"product": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.noarch",
"product_id": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@9.0.11-1.redhat_00001.1.el7sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el7sso.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el7sso.noarch",
"product_id": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el7sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@9.0.11-1.redhat_00001.1.el7sso?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.4 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.noarch"
},
"product_reference": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.noarch",
"relates_to_product_reference": "7Server-RHSSO-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.4 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.src"
},
"product_reference": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.src",
"relates_to_product_reference": "7Server-RHSSO-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.4 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el7sso.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el7sso.noarch",
"relates_to_product_reference": "7Server-RHSSO-7.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Lauritz Holtmann"
],
"organization": "Chair for Network and Data Security at Ruhr University Bochum"
}
],
"cve": "CVE-2020-10770",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2020-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1846270"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10770"
},
{
"category": "external",
"summary": "RHBZ#1846270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10770"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770"
}
],
"release_date": "2020-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0319"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter"
}
]
}
ghsa-jh7q-5mwf-qvhw
Vulnerability from github
Published
2022-05-24 17:36
Modified
2022-10-07 21:28
Severity
Summary
Keycloak vulnerable to Server-Side Request Forgery
Details
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-10770"
],
"database_specific": {
"cwe_ids": [
"CWE-601",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-07T21:28:47Z",
"nvd_published_at": "2020-12-15T20:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"id": "GHSA-jh7q-5mwf-qvhw",
"modified": "2022-10-07T21:28:47Z",
"published": "2022-05-24T17:36:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak-documentation/pull/1086"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/pull/7714"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
},
{
"type": "WEB",
"url": "https://issues.redhat.com/browse/KEYCLOAK-14019"
},
{
"type": "WEB",
"url": "https://issues.redhat.com/browse/KEYCLOAK-3426"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Keycloak vulnerable to Server-Side Request Forgery"
}
gsd-2020-10770
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-10770",
"description": "A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"id": "GSD-2020-10770",
"references": [
"https://access.redhat.com/errata/RHSA-2021:0327",
"https://access.redhat.com/errata/RHSA-2021:0320",
"https://access.redhat.com/errata/RHSA-2021:0319",
"https://access.redhat.com/errata/RHSA-2021:0318",
"https://security.archlinux.org/CVE-2020-10770",
"https://packetstormsecurity.com/files/cve/CVE-2020-10770"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-10770"
],
"details": "A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"id": "GSD-2020-10770",
"modified": "2023-12-13T01:22:04.489415Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "keycloak 13.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"name": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,12.0.2)",
"affected_versions": "All versions before 12.0.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-918",
"CWE-937"
],
"date": "2021-10-26",
"description": "A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"fixed_versions": [
"12.0.2"
],
"identifier": "CVE-2020-10770",
"identifiers": [
"CVE-2020-10770"
],
"not_impacted": "All versions starting from 12.0.2",
"package_slug": "maven/org.keycloak/keycloak-core",
"pubdate": "2020-12-15",
"solution": "Upgrade to version 12.0.2 or above.",
"title": "Server-Side Request Forgery (SSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-10770",
"https://bugzilla.redhat.com/show_bug.cgi?id=1846270",
"https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2"
],
"uuid": "f78fccc7-83bc-4329-9957-391e27f7098f"
},
{
"affected_range": "(,12.0.2)",
"affected_versions": "All versions before 12.0.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-918",
"CWE-937"
],
"date": "2021-10-26",
"description": "A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"fixed_versions": [
"12.0.2"
],
"identifier": "CVE-2020-10770",
"identifiers": [
"CVE-2020-10770"
],
"not_impacted": "All versions starting from 12.0.2",
"package_slug": "maven/org.keycloak/keycloak-model-jpa",
"pubdate": "2020-12-15",
"solution": "Upgrade to version 12.0.2 or above.",
"title": "Server-Side Request Forgery (SSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-10770",
"https://bugzilla.redhat.com/show_bug.cgi?id=1846270",
"https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2"
],
"uuid": "b77759cc-bdae-40a0-b555-44312f7e43d2"
},
{
"affected_range": "(,12.0.2)",
"affected_versions": "All versions before 12.0.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-918",
"CWE-937"
],
"date": "2021-10-26",
"description": "A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"fixed_versions": [
"12.0.2"
],
"identifier": "CVE-2020-10770",
"identifiers": [
"CVE-2020-10770"
],
"not_impacted": "All versions starting from 12.0.2",
"package_slug": "maven/org.keycloak/keycloak-server-spi-private",
"pubdate": "2020-12-15",
"solution": "Upgrade to version 12.0.2 or above.",
"title": "Server-Side Request Forgery (SSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-10770",
"https://bugzilla.redhat.com/show_bug.cgi?id=1846270",
"https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2"
],
"uuid": "73d15579-7cfa-4e62-bd50-464b0af6b9d8"
},
{
"affected_range": "(,12.0.2)",
"affected_versions": "All versions before 12.0.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-918",
"CWE-937"
],
"date": "2021-10-26",
"description": "A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"fixed_versions": [
"12.0.2"
],
"identifier": "CVE-2020-10770",
"identifiers": [
"CVE-2020-10770"
],
"not_impacted": "All versions starting from 12.0.2",
"package_slug": "maven/org.keycloak/keycloak-services",
"pubdate": "2020-12-15",
"solution": "Upgrade to version 12.0.2 or above.",
"title": "Server-Side Request Forgery (SSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-10770",
"https://bugzilla.redhat.com/show_bug.cgi?id=1846270",
"https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2"
],
"uuid": "3a2866ae-7004-42fd-a8ec-ba0c672ccca6"
},
{
"affected_range": "(,12.0.2)",
"affected_versions": "All versions before 12.0.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-918",
"CWE-937"
],
"date": "2021-10-26",
"description": "A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
"fixed_versions": [
"12.0.2"
],
"identifier": "CVE-2020-10770",
"identifiers": [
"CVE-2020-10770"
],
"not_impacted": "All versions starting from 12.0.2",
"package_slug": "maven/org.keycloak/keycloak-wildfly-server-subsystem",
"pubdate": "2020-12-15",
"solution": "Upgrade to version 12.0.2 or above.",
"title": "Server-Side Request Forgery (SSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-10770",
"https://bugzilla.redhat.com/show_bug.cgi?id=1846270",
"https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2"
],
"uuid": "1d5252ab-0110-43db-b6ac-f77460f0003d"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10770"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
},
{
"name": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2022-11-10T04:24Z",
"publishedDate": "2020-12-15T20:15Z"
}
}
}
Loading...