Action not permitted
Modal body text goes here.
cve-2018-10894
Vulnerability from cvelistv5
Published
2018-08-01 17:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3592 | Vendor Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3593 | Vendor Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3595 | Vendor Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:0877 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894 | Issue Tracking, Patch, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:34.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:3592",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"name": "RHSA-2018:3593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"name": "RHSA-2018:3595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"
},
{
"name": "RHSA-2019:0877",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "keycloak",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "3.4.3.Final"
}
]
}
],
"datePublic": "2018-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-24T21:06:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:3592",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"name": "RHSA-2018:3593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"name": "RHSA-2018:3595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"
},
{
"name": "RHSA-2019:0877",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "3.4.3.Final"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3592",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"name": "RHSA-2018:3593",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"name": "RHSA-2018:3595",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"
},
{
"name": "RHSA-2019:0877",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10894",
"datePublished": "2018-08-01T17:00:00",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:54:34.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10894\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-08-01T17:29:00.347\",\"lastModified\":\"2019-10-09T23:33:10.180\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto que la autenticaci\u00f3n SAML en Keycloak 3.4.3.Final autenticaba incorrectamente los certificados caducados. Un usuario malicioso podr\u00eda aprovecharse de esto para acceder a datos no autorizados o, posiblemente, llevar a cabo m\u00e1s ataques.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:keycloak:3.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D602684-69EC-4051-AF5B-02595A16BEBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FABBE0BB-135A-458C-BD84-54C052FFDC57\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3592\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3593\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3595\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0877\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
rhsa-2019_0877
Vulnerability from csaf_redhat
Published
2019-04-24 18:46
Modified
2024-11-05 21:03
Summary
Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security & bug fix update
Notes
Topic
An update is now available for Red Hat OpenShift Application Runtimes.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of RHOAR Thorntail 2.4.0 serves as a replacement for RHOAR Thorntail 2.2.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)
* keycloak: auth permitted with expired certs in SAML client (CVE-2018-10894)
* undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)
* keycloak: infinite loop in session replacement leading to denial of service (CVE-2018-10912)
* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)
* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Application Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of RHOAR Thorntail 2.4.0 serves as a replacement for RHOAR Thorntail 2.2.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)\n\n* keycloak: auth permitted with expired certs in SAML client (CVE-2018-10894)\n\n* undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)\n\n* keycloak: infinite loop in session replacement leading to denial of service (CVE-2018-10912)\n\n* wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)\n\n* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)\n\n* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0877",
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.4.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.4.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/rhoar_thorntail_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/rhoar_thorntail_release_notes/"
},
{
"category": "external",
"summary": "1550671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671"
},
{
"category": "external",
"summary": "1573045",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573045"
},
{
"category": "external",
"summary": "1588306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306"
},
{
"category": "external",
"summary": "1593527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527"
},
{
"category": "external",
"summary": "1599434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434"
},
{
"category": "external",
"summary": "1607624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607624"
},
{
"category": "external",
"summary": "1666415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666415"
},
{
"category": "external",
"summary": "1666418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666418"
},
{
"category": "external",
"summary": "1666482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666482"
},
{
"category": "external",
"summary": "1666484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666484"
},
{
"category": "external",
"summary": "1666489",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666489"
},
{
"category": "external",
"summary": "1671096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671096"
},
{
"category": "external",
"summary": "1671097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671097"
},
{
"category": "external",
"summary": "1677341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677341"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0877.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security \u0026 bug fix update",
"tracking": {
"current_release_date": "2024-11-05T21:03:23+00:00",
"generator": {
"date": "2024-11-05T21:03:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2019:0877",
"initial_release_date": "2019-04-24T18:46:31+00:00",
"revision_history": [
{
"date": "2019-04-24T18:46:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-04-24T18:46:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T21:03:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only RHOAR",
"product": {
"name": "Text-Only RHOAR",
"product_id": "Text-Only RHOAR",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Application Runtimes"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ammarit Thongthua",
"Nattakit Intarasorn"
],
"organization": "Deloitte Thailand Pentest team"
}
],
"cve": "CVE-2018-1067",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2018-03-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1550671"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1067"
},
{
"category": "external",
"summary": "RHBZ#1550671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1067",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067"
}
],
"release_date": "2018-04-25T17:51:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)"
},
{
"cve": "CVE-2018-1114",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-04-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1573045"
}
],
"notes": [
{
"category": "description",
"text": "It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1114"
},
{
"category": "external",
"summary": "RHBZ#1573045",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573045"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1114",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1114"
},
{
"category": "external",
"summary": "https://bugs.openjdk.java.net/browse/JDK-6956385",
"url": "https://bugs.openjdk.java.net/browse/JDK-6956385"
},
{
"category": "external",
"summary": "https://issues.jboss.org/browse/UNDERTOW-1338",
"url": "https://issues.jboss.org/browse/UNDERTOW-1338"
}
],
"release_date": "2018-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service"
},
{
"cve": "CVE-2018-10862",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2018-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1593527"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability can only be exploited by users with deployment permissions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10862"
},
{
"category": "external",
"summary": "RHBZ#1593527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10862"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10862"
},
{
"category": "external",
"summary": "https://snyk.io/research/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability"
}
],
"release_date": "2018-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)"
},
{
"acknowledgments": [
{
"names": [
"Benjamin Berg"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10894",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2018-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1599434"
}
],
"notes": [
{
"category": "description",
"text": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: auth permitted with expired certs in SAML client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10894"
},
{
"category": "external",
"summary": "RHBZ#1599434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10894",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894"
}
],
"release_date": "2018-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: auth permitted with expired certs in SAML client"
},
{
"cve": "CVE-2018-10912",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2018-05-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1607624"
}
],
"notes": [
{
"category": "description",
"text": "keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: infinite loop in session replacement leading to denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10912"
},
{
"category": "external",
"summary": "RHBZ#1607624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10912",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10912"
}
],
"release_date": "2018-05-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: infinite loop in session replacement leading to denial of service"
},
{
"cve": "CVE-2018-11307",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load MyBatis classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include MyBatis classes.\n\nRed Hat Fuse 6 and 7 are not directly affected by this issue, as although they do ship the vulnerable jackson-databind component, they do not enable polymorphic deserialization or default typing which are required for exploitability. Their impacts have correspondingly been reduced to Moderate. Future updates may address this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11307"
},
{
"category": "external",
"summary": "RHBZ#1677341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11307"
}
],
"release_date": "2018-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis"
},
{
"cve": "CVE-2018-12022",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1671097"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: improper polymorphic deserialization of types from Jodd-db library",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load Jodd classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Jodd classes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12022"
},
{
"category": "external",
"summary": "RHBZ#1671097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12022"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: improper polymorphic deserialization of types from Jodd-db library"
},
{
"cve": "CVE-2018-12023",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1671096"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load Oracle\u0027s JDBC classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Oracle\u0027s JDBC classes.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12023"
},
{
"category": "external",
"summary": "RHBZ#1671096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671096"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12023"
}
],
"release_date": "2018-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver"
},
{
"cve": "CVE-2018-14718",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666415"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: arbitrary code execution in slf4j-ext class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in jackson-databind involves exploiting CVE-2018-1088 against slf4j, which was fixed in Red Hat products through the errata referenced at https://access.redhat.com/security/cve/cve-2018-8088. Applications that link only slf4j versions including that fix are not vulnerable to this vulnerability.\n\nRed Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle slf4j-ext jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14718"
},
{
"category": "external",
"summary": "RHBZ#1666415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666415"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718"
}
],
"release_date": "2018-07-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: arbitrary code execution in slf4j-ext class"
},
{
"cve": "CVE-2018-14719",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666418"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The following Red Hat products are not affected by this issue as they do not bundle or provide the requisite gadget jars to exploit this vulnerability:\nRed Hat Satellite 6\nRed Hat Enterprise Virtualization 4\nRed Hat Fuse 6, 7, and Fuse Integration Services 2\nRed Hat A-MQ 6",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14719"
},
{
"category": "external",
"summary": "RHBZ#1666418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719"
}
],
"release_date": "2018-07-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes"
},
{
"cve": "CVE-2018-19360",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666482"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t include axis2-transport-jms jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include axis2-transport-jms jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-19360"
},
{
"category": "external",
"summary": "RHBZ#1666482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666482"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360"
}
],
"release_date": "2018-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class"
},
{
"cve": "CVE-2018-19361",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666484"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: improper polymorphic deserialization in openjpa class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle openjpa jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn\u0027t bundle openjpa jar.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-19361"
},
{
"category": "external",
"summary": "RHBZ#1666484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361"
}
],
"release_date": "2018-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: improper polymorphic deserialization in openjpa class"
},
{
"cve": "CVE-2018-19362",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666489"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: improper polymorphic deserialization in jboss-common-core class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle jboss-common-core jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn\u0027t bundle jboss-common-core jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-19362"
},
{
"category": "external",
"summary": "RHBZ#1666489",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666489"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362"
}
],
"release_date": "2018-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: improper polymorphic deserialization in jboss-common-core class"
},
{
"cve": "CVE-2018-1000180",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2018-06-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588306"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated (according to FIPS 186-4 C.3). Under some circumstances, this could lead to the generation of weak RSA key pairs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: flaw in the low-level interface to RSA key pair generator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Satellite 6.5 isn\u0027t vulnerable to this issue, since it doesn\u0027t ship bouncycastle jar file anymore.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000180"
},
{
"category": "external",
"summary": "RHBZ#1588306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180"
}
],
"release_date": "2018-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-24T18:46:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: flaw in the low-level interface to RSA key pair generator"
}
]
}
rhsa-2018_3595
Vulnerability from csaf_redhat
Published
2018-11-13 18:20
Modified
2024-11-05 20:53
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.2.5 security and bug fix update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.2 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[2021-06-29 UPDATE: The advisory was originally published with incomplete informational links and has been republished to update those links. NO CODE HAS CHANGED WITH THIS UPDATE, AND NO ACTION IS REQUIRED.]
Details
Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: auth permitted with expired certs in SAML client (CVE-2018-10894)
* JBoss/WildFly: iiop does not honour strict transport confidentiality (CVE-2018-14627)
* keycloak: expiration not validated in SAML broker consumer endpoint (CVE-2018-14637)
* keycloak: XSS-Vulnerability with response_mode=form_post (CVE-2018-14655)
* keycloak: Open Redirect in Login and Logout (CVE-2018-14658)
* keycloak: brute force protection not working for the entire login workflow (CVE-2018-14657)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
The CVE-2018-10894 issue was discovered by Benjamin Berg (Red Hat).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.2 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[2021-06-29 UPDATE: The advisory was originally published with incomplete informational links and has been republished to update those links. NO CODE HAS CHANGED WITH THIS UPDATE, AND NO ACTION IS REQUIRED.]",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: auth permitted with expired certs in SAML client (CVE-2018-10894)\n\n* JBoss/WildFly: iiop does not honour strict transport confidentiality (CVE-2018-14627)\n\n* keycloak: expiration not validated in SAML broker consumer endpoint (CVE-2018-14637)\n\n* keycloak: XSS-Vulnerability with response_mode=form_post (CVE-2018-14655)\n\n* keycloak: Open Redirect in Login and Logout (CVE-2018-14658)\n\n* keycloak: brute force protection not working for the entire login workflow (CVE-2018-14657)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThe CVE-2018-10894 issue was discovered by Benjamin Berg (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3595",
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2"
},
{
"category": "external",
"summary": "1599434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434"
},
{
"category": "external",
"summary": "1624664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624664"
},
{
"category": "external",
"summary": "1625396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396"
},
{
"category": "external",
"summary": "1625404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625404"
},
{
"category": "external",
"summary": "1625409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625409"
},
{
"category": "external",
"summary": "1627851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627851"
},
{
"category": "external",
"summary": "JBEAP-15587",
"url": "https://issues.redhat.com/browse/JBEAP-15587"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3595.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.2.5 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-05T20:53:17+00:00",
"generator": {
"date": "2024-11-05T20:53:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2018:3595",
"initial_release_date": "2018-11-13T18:20:46+00:00",
"revision_history": [
{
"date": "2018-11-13T18:20:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-06-29T21:44:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T20:53:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.2.5 zip",
"product": {
"name": "Red Hat Single Sign-On 7.2.5 zip",
"product_id": "Red Hat Single Sign-On 7.2.5 zip",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_single_sign_on:7.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Benjamin Berg"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10894",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2018-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1599434"
}
],
"notes": [
{
"category": "description",
"text": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: auth permitted with expired certs in SAML client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.2.5 zip"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10894"
},
{
"category": "external",
"summary": "RHBZ#1599434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10894",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894"
}
],
"release_date": "2018-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:20:46+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.2.5 zip"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.2.5 zip"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: auth permitted with expired certs in SAML client"
},
{
"cve": "CVE-2018-14627",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2018-08-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1624664"
}
],
"notes": [
{
"category": "description",
"text": "The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: \u003ctransport-config confidentiality=\"required\" trust-in-target=\"supported\"/\u003e",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss/WildFly: iiop does not honour strict transport confidentiality",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.2.5 zip"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14627"
},
{
"category": "external",
"summary": "RHBZ#1624664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14627",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14627"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14627",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14627"
}
],
"release_date": "2017-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:20:46+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.2.5 zip"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.2.5 zip"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JBoss/WildFly: iiop does not honour strict transport confidentiality"
},
{
"cve": "CVE-2018-14637",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2018-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1627851"
}
],
"notes": [
{
"category": "description",
"text": "The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: expiration not validated in SAML broker consumer endpoint",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.2.5 zip"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14637"
},
{
"category": "external",
"summary": "RHBZ#1627851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627851"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14637",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14637"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14637",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14637"
}
],
"release_date": "2018-11-27T20:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:20:46+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.2.5 zip"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.2.5 zip"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: expiration not validated in SAML broker consumer endpoint"
},
{
"cve": "CVE-2018-14655",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625396"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using \u0027response_mode=form_post\u0027 it is possible to inject arbitrary Javascript-Code via the \u0027state\u0027-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: XSS-Vulnerability with response_mode=form_post",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.2.5 zip"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14655"
},
{
"category": "external",
"summary": "RHBZ#1625396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14655"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655"
}
],
"release_date": "2018-11-13T17:37:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:20:46+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.2.5 zip"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.2.5 zip"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: XSS-Vulnerability with response_mode=form_post"
},
{
"cve": "CVE-2018-14657",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625404"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: brute force protection not working for the entire login workflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.2.5 zip"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14657"
},
{
"category": "external",
"summary": "RHBZ#1625404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14657",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14657"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14657",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14657"
}
],
"release_date": "2018-11-13T17:37:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:20:46+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.2.5 zip"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.2.5 zip"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: brute force protection not working for the entire login workflow"
},
{
"cve": "CVE-2018-14658",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625409"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Open Redirect in Login and Logout",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.2.5 zip"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14658"
},
{
"category": "external",
"summary": "RHBZ#1625409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625409"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14658"
}
],
"release_date": "2018-11-13T17:38:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:20:46+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.2.5 zip"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.2.5 zip"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Open Redirect in Login and Logout"
}
]
}
rhsa-2018_3593
Vulnerability from csaf_redhat
Published
2018-11-13 18:16
Modified
2024-11-05 20:53
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.2.5 on RHEL 7 security and bug fix update
Notes
Topic
New Red Hat Single Sign-On 7.2.5 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: auth permitted with expired certs in SAML client (CVE-2018-10894)
* keycloak: XSS-Vulnerability with response_mode=form_post (CVE-2018-14655)
* keycloak: Open Redirect in Login and Logout (CVE-2018-14658)
* keycloak: brute force protection not working for the entire login workflow (CVE-2018-14657)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
The CVE-2018-10894 issue was discovered by Benjamin Berg (Red Hat).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat Single Sign-On 7.2.5 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: auth permitted with expired certs in SAML client (CVE-2018-10894)\n\n* keycloak: XSS-Vulnerability with response_mode=form_post (CVE-2018-14655)\n\n* keycloak: Open Redirect in Login and Logout (CVE-2018-14658)\n\n* keycloak: brute force protection not working for the entire login workflow (CVE-2018-14657)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThe CVE-2018-10894 issue was discovered by Benjamin Berg (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3593",
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2"
},
{
"category": "external",
"summary": "1599434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434"
},
{
"category": "external",
"summary": "1625396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396"
},
{
"category": "external",
"summary": "1625404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625404"
},
{
"category": "external",
"summary": "1625409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625409"
},
{
"category": "external",
"summary": "JBEAP-15588",
"url": "https://issues.redhat.com/browse/JBEAP-15588"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3593.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.2.5 on RHEL 7 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-05T20:53:05+00:00",
"generator": {
"date": "2024-11-05T20:53:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2018:3593",
"initial_release_date": "2018-11-13T18:16:54+00:00",
"revision_history": [
{
"date": "2018-11-13T18:16:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-11-13T18:16:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T20:53:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.2 for RHEL 7 Server",
"product": {
"name": "Red Hat Single Sign-On 7.2 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"product_id": "rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@3.4.14-1.Final_redhat_00001.1.jbcs.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"product": {
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"product_id": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@3.4.14-1.Final_redhat_00001.1.jbcs.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"product": {
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"product_id": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@3.4.14-1.Final_redhat_00001.1.jbcs.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch as a component of Red Hat Single Sign-On 7.2 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
},
"product_reference": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-RHSSO-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src as a component of Red Hat Single Sign-On 7.2 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src"
},
"product_reference": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"relates_to_product_reference": "7Server-RHSSO-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch as a component of Red Hat Single Sign-On 7.2 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-RHSSO-7.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Benjamin Berg"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10894",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2018-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1599434"
}
],
"notes": [
{
"category": "description",
"text": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: auth permitted with expired certs in SAML client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10894"
},
{
"category": "external",
"summary": "RHBZ#1599434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10894",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894"
}
],
"release_date": "2018-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:16:54+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: auth permitted with expired certs in SAML client"
},
{
"cve": "CVE-2018-14637",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2018-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1627851"
}
],
"notes": [
{
"category": "description",
"text": "The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: expiration not validated in SAML broker consumer endpoint",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14637"
},
{
"category": "external",
"summary": "RHBZ#1627851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627851"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14637",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14637"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14637",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14637"
}
],
"release_date": "2018-11-27T20:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:16:54+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: expiration not validated in SAML broker consumer endpoint"
},
{
"cve": "CVE-2018-14655",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625396"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using \u0027response_mode=form_post\u0027 it is possible to inject arbitrary Javascript-Code via the \u0027state\u0027-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: XSS-Vulnerability with response_mode=form_post",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14655"
},
{
"category": "external",
"summary": "RHBZ#1625396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14655"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655"
}
],
"release_date": "2018-11-13T17:37:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:16:54+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: XSS-Vulnerability with response_mode=form_post"
},
{
"cve": "CVE-2018-14657",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625404"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: brute force protection not working for the entire login workflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14657"
},
{
"category": "external",
"summary": "RHBZ#1625404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14657",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14657"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14657",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14657"
}
],
"release_date": "2018-11-13T17:37:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:16:54+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: brute force protection not working for the entire login workflow"
},
{
"cve": "CVE-2018-14658",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625409"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Open Redirect in Login and Logout",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14658"
},
{
"category": "external",
"summary": "RHBZ#1625409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625409"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14658"
}
],
"release_date": "2018-11-13T17:38:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:16:54+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch",
"7Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.src",
"7Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Open Redirect in Login and Logout"
}
]
}
rhsa-2018_3592
Vulnerability from csaf_redhat
Published
2018-11-13 18:15
Modified
2024-11-05 20:52
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.2.5 on RHEL 6 security and bug fix update
Notes
Topic
New Red Hat Single Sign-On 7.2.5 packages are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: auth permitted with expired certs in SAML client (CVE-2018-10894)
* keycloak: XSS-Vulnerability with response_mode=form_post (CVE-2018-14655)
* keycloak: Open Redirect in Login and Logout (CVE-2018-14658)
* keycloak: brute force protection not working for the entire login workflow (CVE-2018-14657)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
The CVE-2018-10894 issue was discovered by Benjamin Berg (Red Hat).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat Single Sign-On 7.2.5 packages are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: auth permitted with expired certs in SAML client (CVE-2018-10894)\n\n* keycloak: XSS-Vulnerability with response_mode=form_post (CVE-2018-14655)\n\n* keycloak: Open Redirect in Login and Logout (CVE-2018-14658)\n\n* keycloak: brute force protection not working for the entire login workflow (CVE-2018-14657)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThe CVE-2018-10894 issue was discovered by Benjamin Berg (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3592",
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2"
},
{
"category": "external",
"summary": "1599434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434"
},
{
"category": "external",
"summary": "1625396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396"
},
{
"category": "external",
"summary": "1625404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625404"
},
{
"category": "external",
"summary": "1625409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625409"
},
{
"category": "external",
"summary": "JBEAP-15587",
"url": "https://issues.redhat.com/browse/JBEAP-15587"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3592.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.2.5 on RHEL 6 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-05T20:52:55+00:00",
"generator": {
"date": "2024-11-05T20:52:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2018:3592",
"initial_release_date": "2018-11-13T18:15:39+00:00",
"revision_history": [
{
"date": "2018-11-13T18:15:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-11-13T18:15:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T20:52:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.2 for RHEL 6 Server",
"product": {
"name": "Red Hat Single Sign-On 7.2 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"product_id": "rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@3.4.14-1.Final_redhat_00001.1.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"product": {
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"product_id": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@3.4.14-1.Final_redhat_00001.1.jbcs.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"product": {
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"product_id": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@3.4.14-1.Final_redhat_00001.1.jbcs.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch as a component of Red Hat Single Sign-On 7.2 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
},
"product_reference": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-RHSSO-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src as a component of Red Hat Single Sign-On 7.2 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src"
},
"product_reference": "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"relates_to_product_reference": "6Server-RHSSO-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch as a component of Red Hat Single Sign-On 7.2 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-RHSSO-7.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Benjamin Berg"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10894",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2018-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1599434"
}
],
"notes": [
{
"category": "description",
"text": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: auth permitted with expired certs in SAML client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10894"
},
{
"category": "external",
"summary": "RHBZ#1599434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10894",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894"
}
],
"release_date": "2018-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:15:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: auth permitted with expired certs in SAML client"
},
{
"cve": "CVE-2018-14637",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2018-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1627851"
}
],
"notes": [
{
"category": "description",
"text": "The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: expiration not validated in SAML broker consumer endpoint",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14637"
},
{
"category": "external",
"summary": "RHBZ#1627851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627851"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14637",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14637"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14637",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14637"
}
],
"release_date": "2018-11-27T20:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:15:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: expiration not validated in SAML broker consumer endpoint"
},
{
"cve": "CVE-2018-14655",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625396"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using \u0027response_mode=form_post\u0027 it is possible to inject arbitrary Javascript-Code via the \u0027state\u0027-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: XSS-Vulnerability with response_mode=form_post",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14655"
},
{
"category": "external",
"summary": "RHBZ#1625396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14655"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655"
}
],
"release_date": "2018-11-13T17:37:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:15:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: XSS-Vulnerability with response_mode=form_post"
},
{
"cve": "CVE-2018-14657",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625404"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: brute force protection not working for the entire login workflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14657"
},
{
"category": "external",
"summary": "RHBZ#1625404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14657",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14657"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14657",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14657"
}
],
"release_date": "2018-11-13T17:37:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:15:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: brute force protection not working for the entire login workflow"
},
{
"cve": "CVE-2018-14658",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625409"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Open Redirect in Login and Logout",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14658"
},
{
"category": "external",
"summary": "RHBZ#1625409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625409"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14658"
}
],
"release_date": "2018-11-13T17:38:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T18:15:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch",
"6Server-RHSSO-7.2:rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.src",
"6Server-RHSSO-7.2:rh-sso7-keycloak-server-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Open Redirect in Login and Logout"
}
]
}
gsd-2018-10894
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-10894",
"description": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.",
"id": "GSD-2018-10894",
"references": [
"https://access.redhat.com/errata/RHSA-2019:0877",
"https://access.redhat.com/errata/RHSA-2018:3595",
"https://access.redhat.com/errata/RHSA-2018:3593",
"https://access.redhat.com/errata/RHSA-2018:3592"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-10894"
],
"details": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.",
"id": "GSD-2018-10894",
"modified": "2023-12-13T01:22:40.893976Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "3.4.3.Final"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3592",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"name": "RHSA-2018:3593",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"name": "RHSA-2018:3595",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"
},
{
"name": "RHSA-2019:0877",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,3.4.3)",
"affected_versions": "All versions before 3.4.3",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-295",
"CWE-937"
],
"date": "2023-07-21",
"description": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.",
"fixed_versions": [
"3.4.3"
],
"identifier": "CVE-2018-10894",
"identifiers": [
"GHSA-xvv8-8wh9-9fh2",
"CVE-2018-10894"
],
"not_impacted": "",
"package_slug": "maven/org.keycloak/keycloak-core",
"pubdate": "2022-05-13",
"solution": "Upgrade to version 3.4.3 or above.",
"title": "Improper Certificate Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-10894",
"https://access.redhat.com/errata/RHSA-2018:3592",
"https://access.redhat.com/errata/RHSA-2018:3593",
"https://access.redhat.com/errata/RHSA-2018:3595",
"https://access.redhat.com/errata/RHSA-2019:0877",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894",
"https://github.com/advisories/GHSA-xvv8-8wh9-9fh2"
],
"uuid": "2b41d816-9eaf-4ed4-8197-b4ab8d2d9358"
},
{
"affected_range": "=3.4.3",
"affected_versions": "Version 3.4.3",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-295",
"CWE-937"
],
"date": "2019-10-09",
"description": "It was found that SAML authentication in Keycloak incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.",
"fixed_versions": [
"4.0.0"
],
"identifier": "CVE-2018-10894",
"identifiers": [
"CVE-2018-10894"
],
"not_impacted": "All versions before 3.4.3, all versions after 3.4.3",
"package_slug": "npm/keycloak-connect",
"pubdate": "2018-08-01",
"solution": "Upgrade to version 4.0.0 or above.",
"title": "Improper Certificate Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-10894",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"
],
"uuid": "8f27398b-017a-44aa-898f-58cfe6cae9d2"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:keycloak:3.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10894"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"
},
{
"name": "RHSA-2018:3595",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "RHSA-2018:3593",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"name": "RHSA-2018:3592",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"name": "RHSA-2019:0877",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
},
"lastModifiedDate": "2019-10-09T23:33Z",
"publishedDate": "2018-08-01T17:29Z"
}
}
}
ghsa-xvv8-8wh9-9fh2
Vulnerability from github
Published
2022-05-13 01:34
Modified
2023-10-06 17:25
Severity ?
Summary
Keycloak Authentication Error
Details
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-saml-adapter-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.4.0.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.4.0.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-10894"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-21T21:34:55Z",
"nvd_published_at": "2018-08-01T17:29:00Z",
"severity": "MODERATE"
},
"details": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.",
"id": "GHSA-xvv8-8wh9-9fh2",
"modified": "2023-10-06T17:25:01Z",
"published": "2022-05-13T01:34:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Keycloak Authentication Error"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.