Vulnerability-Lookup

CVE-2020-10770 (GCVE-0-2020-10770)

Vulnerability from cvelistv5 – Published: 2020-12-15 00:00 – Updated: 2024-08-04 11:14

Summary

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-918

Assigner

redhat

References

2 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1846270
http://packetstormsecurity.com/files/164499/Keycl…

Impacted products

1 product

Vendor	Product	Version
n/a	keycloak	Affected: keycloak 13.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:14:15.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "keycloak",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "keycloak 13.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
        },
        {
          "url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10770",
    "datePublished": "2020-12-15T00:00:00.000Z",
    "dateReserved": "2020-03-20T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:14:15.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-10770",
      "date": "2026-06-15",
      "epss": "0.69724",
      "percentile": "0.9928"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.0.2\", \"matchCriteriaId\": \"B06C1F35-09FE-443C-A567-8876632EC175\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un fallo en Keycloak versiones anteriores a 13.0.0, donde es posible forzar al servidor a llamar a una URL no verificada usando el par\\u00e1metro OIDC request_uri.\u0026#xa0;Este fallo permite a un atacante usar este par\\u00e1metro para ejecutar un ataque de tipo Server-side request forgery (SSRF)\"}]",
      "id": "CVE-2020-10770",
      "lastModified": "2024-11-21T04:56:02.113",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-12-15T20:15:14.853",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1846270\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1846270\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-10770\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-12-15T20:15:14.853\",\"lastModified\":\"2024-11-21T04:56:02.113\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en Keycloak versiones anteriores a 13.0.0, donde es posible forzar al servidor a llamar a una URL no verificada usando el par\u00e1metro OIDC request_uri.\u0026#xa0;Este fallo permite a un atacante usar este par\u00e1metro para ejecutar un ataque de tipo Server-side request forgery (SSRF)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.0.2\",\"matchCriteriaId\":\"B06C1F35-09FE-443C-A567-8876632EC175\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1846270\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1846270\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
  }
}

RHSA-2021_0320

Vulnerability from csaf_redhat - Published: 2021-02-01 13:46 - Updated: 2024-11-15 08:41

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update on RHEL 8

Severity

Moderate

Notes

Topic: New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2020-10770

A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

References

9 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:0320	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1846270	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-10770	self
https://bugzilla.redhat.com/show_bug.cgi?id=1846270	external
https://www.cve.org/CVERecord?id=CVE-2020-10770	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10770	external

Acknowledgments

Chair for Network and Data Security at Ruhr University Bochum Lauritz Holtmann

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter (CVE-2020-10770)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0320",
        "url": "https://access.redhat.com/errata/RHSA-2021:0320"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index"
      },
      {
        "category": "external",
        "summary": "1846270",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0320.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update on RHEL 8",
    "tracking": {
      "current_release_date": "2024-11-15T08:41:36+00:00",
      "generator": {
        "date": "2024-11-15T08:41:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2021:0320",
      "initial_release_date": "2021-02-01T13:46:56+00:00",
      "revision_history": [
        {
          "date": "2021-02-01T13:46:56+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-02-01T13:46:56+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-15T08:41:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7.4 for RHEL 8",
                "product": {
                  "name": "Red Hat Single Sign-On 7.4 for RHEL 8",
                  "product_id": "8Base-RHSSO-7.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
                "product": {
                  "name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
                  "product_id": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@9.0.11-1.redhat_00001.1.el8sso?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
                  "product_id": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@9.0.11-1.redhat_00001.1.el8sso?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
                  "product_id": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@9.0.11-1.redhat_00001.1.el8sso?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.4 for RHEL 8",
          "product_id": "8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
        "relates_to_product_reference": "8Base-RHSSO-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.4 for RHEL 8",
          "product_id": "8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src"
        },
        "product_reference": "rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
        "relates_to_product_reference": "8Base-RHSSO-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.4 for RHEL 8",
          "product_id": "8Base-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
        "relates_to_product_reference": "8Base-RHSSO-7.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Lauritz Holtmann"
          ],
          "organization": "Chair for Network and Data Security at Ruhr University Bochum"
        }
      ],
      "cve": "CVE-2020-10770",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2020-06-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1846270"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10770"
        },
        {
          "category": "external",
          "summary": "RHBZ#1846270",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10770",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10770"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770"
        }
      ],
      "release_date": "2020-11-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-01T13:46:56+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0320"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.4:rh-sso7-keycloak-0:9.0.11-1.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.4:rh-sso7-keycloak-server-0:9.0.11-1.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter"
    }
  ]
}

RHSA-2021_0327

Vulnerability from csaf_redhat - Published: 2021-02-01 18:56 - Updated: 2024-11-22 23:42

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * undertow: special character in query results in server errors (CVE-2020-27782) * keycloak: Default Client configuration is vulnerable to SSRF using "request_uri" parameter (CVE-2020-10770) * apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) * wildfly: resource adapter logs plaintext JMS password at warning level on connection error (CVE-2020-25640) * wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller (CVE-2020-25689) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-10770

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7.4.5 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7.4.5 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-25633

A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server's potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to confidentiality.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-209 - Generation of Error Message Containing Sensitive Information

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7.4.5 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-25640

A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data confidentiality.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7.4.5 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-25689

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where the host-controller tries to reconnect in a loop, generating new connections that are not properly closed while unable to connect to the domain controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7.4.5 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-27782

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7.4.5 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2020-27822

A flaw was found in Wildfly. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7.4.5 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7`	—	Vendor Fix fix

Threats

Impact Moderate

References

41 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:0327	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1846270	external
https://bugzilla.redhat.com/show_bug.cgi?id=1881637	external
https://bugzilla.redhat.com/show_bug.cgi?id=1886587	external
https://bugzilla.redhat.com/show_bug.cgi?id=1893070	external
https://bugzilla.redhat.com/show_bug.cgi?id=1901304	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-10770	self
https://bugzilla.redhat.com/show_bug.cgi?id=1846270	external
https://www.cve.org/CVERecord?id=CVE-2020-10770	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10770	external
https://access.redhat.com/security/cve/CVE-2020-13956	self
https://bugzilla.redhat.com/show_bug.cgi?id=1886587	external
https://www.cve.org/CVERecord?id=CVE-2020-13956	external
https://nvd.nist.gov/vuln/detail/CVE-2020-13956	external
https://www.openwall.com/lists/oss-security/2020/…	external
https://access.redhat.com/security/cve/CVE-2020-25633	self
https://bugzilla.redhat.com/show_bug.cgi?id=1879042	external
https://www.cve.org/CVERecord?id=CVE-2020-25633	external
https://nvd.nist.gov/vuln/detail/CVE-2020-25633	external
https://access.redhat.com/security/cve/CVE-2020-25640	self
https://bugzilla.redhat.com/show_bug.cgi?id=1881637	external
https://www.cve.org/CVERecord?id=CVE-2020-25640	external
https://nvd.nist.gov/vuln/detail/CVE-2020-25640	external
https://github.com/amqphub/amqp-10-resource-adapt…	external
https://access.redhat.com/security/cve/CVE-2020-25689	self
https://bugzilla.redhat.com/show_bug.cgi?id=1893070	external
https://www.cve.org/CVERecord?id=CVE-2020-25689	external
https://nvd.nist.gov/vuln/detail/CVE-2020-25689	external
https://access.redhat.com/security/cve/CVE-2020-27782	self
https://bugzilla.redhat.com/show_bug.cgi?id=1901304	external
https://www.cve.org/CVERecord?id=CVE-2020-27782	external
https://nvd.nist.gov/vuln/detail/CVE-2020-27782	external
https://access.redhat.com/security/cve/CVE-2020-27822	self
https://bugzilla.redhat.com/show_bug.cgi?id=1904060	external
https://www.cve.org/CVERecord?id=CVE-2020-27822	external
https://nvd.nist.gov/vuln/detail/CVE-2020-27822	external
https://issues.redhat.com/browse/WFLY-14094	external

Acknowledgments

Chair for Network and Data Security at Ruhr University Bochum Lauritz Holtmann

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.5 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: special character in query results in server errors (CVE-2020-27782)\n\n* keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter (CVE-2020-10770)\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\n* wildfly: resource adapter logs plaintext JMS password at warning level on connection error (CVE-2020-25640)\n\n* wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller (CVE-2020-25689)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0327",
        "url": "https://access.redhat.com/errata/RHSA-2021:0327"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.4",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.4"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/release_notes/index"
      },
      {
        "category": "external",
        "summary": "1846270",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
      },
      {
        "category": "external",
        "summary": "1881637",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"
      },
      {
        "category": "external",
        "summary": "1886587",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
      },
      {
        "category": "external",
        "summary": "1893070",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893070"
      },
      {
        "category": "external",
        "summary": "1901304",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901304"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0327.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update",
    "tracking": {
      "current_release_date": "2024-11-22T23:42:35+00:00",
      "generator": {
        "date": "2024-11-22T23:42:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2021:0327",
      "initial_release_date": "2021-02-01T18:56:14+00:00",
      "revision_history": [
        {
          "date": "2021-02-01T18:56:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-02-01T18:56:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T23:42:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7.4.5",
                "product": {
                  "name": "Red Hat Single Sign-On 7.4.5",
                  "product_id": "Red Hat Single Sign-On 7.4.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Lauritz Holtmann"
          ],
          "organization": "Chair for Network and Data Security at Ruhr University Bochum"
        }
      ],
      "cve": "CVE-2020-10770",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2020-06-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1846270"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7.4.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10770"
        },
        {
          "category": "external",
          "summary": "RHBZ#1846270",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10770",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10770"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770"
        }
      ],
      "release_date": "2020-11-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-01T18:56:14+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7.4.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0327"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7.4.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: Default Client configuration is vulnerable to SSRF using \"request_uri\" parameter"
    },
    {
      "cve": "CVE-2020-13956",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-10-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1886587"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-httpclient: incorrect handling of malformed authority component in request URIs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7.4.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13956"
        },
        {
          "category": "external",
          "summary": "RHBZ#1886587",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13956",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2020/10/08/4",
          "url": "https://www.openwall.com/lists/oss-security/2020/10/08/4"
        }
      ],
      "release_date": "2020-10-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-01T18:56:14+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7.4.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0327"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7.4.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-httpclient: incorrect handling of malformed authority component in request URIs"
    },
    {
      "cve": "CVE-2020-25633",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "discovery_date": "2020-09-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1879042"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server\u0027s potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7.4.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25633"
        },
        {
          "category": "external",
          "summary": "RHBZ#1879042",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879042"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25633",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25633"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25633",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25633"
        }
      ],
      "release_date": "2020-09-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-01T18:56:14+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7.4.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0327"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7.4.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling"
    },
    {
      "cve": "CVE-2020-25640",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2020-09-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1881637"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: resource adapter logs plaintext JMS password at warning level on connection error",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7.4.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25640"
        },
        {
          "category": "external",
          "summary": "RHBZ#1881637",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25640"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25640",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25640"
        },
        {
          "category": "external",
          "summary": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13",
          "url": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13"
        }
      ],
      "release_date": "2020-09-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-01T18:56:14+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7.4.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0327"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7.4.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: resource adapter logs plaintext JMS password at warning level on connection error"
    },
    {
      "cve": "CVE-2020-25689",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "discovery_date": "2020-10-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1893070"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where the host-controller tries to reconnect in a loop, generating new connections that are not properly closed while unable to connect to the domain controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7.4.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25689"
        },
        {
          "category": "external",
          "summary": "RHBZ#1893070",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893070"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25689"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25689",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25689"
        }
      ],
      "release_date": "2020-10-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-01T18:56:14+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7.4.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0327"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7.4.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller"
    },
    {
      "cve": "CVE-2020-27782",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-11-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1901304"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: special character in query results in server errors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7.4.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27782"
        },
        {
          "category": "external",
          "summary": "RHBZ#1901304",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901304"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27782",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27782"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27782",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27782"
        }
      ],
      "release_date": "2021-01-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-01T18:56:14+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7.4.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0327"
        },
        {
          "category": "workaround",
          "details": "The issue can be mitigated by using HTTP/1.1 instead of AJP to proxy to the back-end.",
          "product_ids": [
            "Red Hat Single Sign-On 7.4.5"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7.4.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "undertow: special character in query results in server errors"
    },
    {
      "cve": "CVE-2020-27822",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "discovery_date": "2020-12-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1904060"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly. When an application uses the OpenTracing API\u0027s java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: Potential Memory leak in Wildfly when using OpenTracing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7.4.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27822"
        },
        {
          "category": "external",
          "summary": "RHBZ#1904060",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27822",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27822"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27822",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27822"
        },
        {
          "category": "external",
          "summary": "https://issues.redhat.com/browse/WFLY-14094",
          "url": "https://issues.redhat.com/browse/WFLY-14094"
        }
      ],
      "release_date": "2020-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-01T18:56:14+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7.4.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0327"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7.4.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: Potential Memory leak in Wildfly when using OpenTracing"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-10770 (GCVE-0-2020-10770)

RHSA-2021_0320

RHSA-2021_0327

Tags

Sightings

Nomenclature