Action not permitted
Modal body text goes here.
cve-2020-1724
Vulnerability from cvelistv5
Published
2020-05-11 20:10
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724 | Issue Tracking, Vendor Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:46:30.888Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "keycloak", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "All versions before 9.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-613", "description": "CWE-613", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-11T20:10:24", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1724", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "keycloak", "version": { "version_data": [ { "version_value": "All versions before 9.0.2" } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section." } ] }, "impact": { "cvss": [ [ { "vectorString": "4.3/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-613" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-1724", "datePublished": "2020-05-11T20:10:24", "dateReserved": "2019-11-27T00:00:00", "dateUpdated": "2024-08-04T06:46:30.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-1724\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-05-11T21:15:11.487\",\"lastModified\":\"2023-11-07T03:19:29.547\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en Keycloak en versiones anteriores a 9.0.2. Este fallo permite a un usuario malicioso que actualmente est\u00e1 registrado, visualizar la informaci\u00f3n personal de un usuario que previamente a cerrado sesi\u00f3n en la secci\u00f3n del administrador de la cuenta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.2\",\"matchCriteriaId\":\"CB33B1DA-11E2-4378-B6F8-81BB5A556262\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A33441B3-B301-426C-A976-08CE5FE72EFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}" } }
rhsa-2020_2108
Vulnerability from csaf_redhat
Published
2020-05-12 16:43
Modified
2024-11-15 06:10
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.3.8 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.3.8 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: security issue on reset credential flow (CVE-2020-1718)
* keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758)
* keycloak: problem with privacy after user logout (CVE-2020-1724)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.3.8 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: security issue on reset credential flow (CVE-2020-1718)\n\n* keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758)\n\n* keycloak: problem with privacy after user logout (CVE-2020-1724)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:2108", "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/" }, { "category": "external", "summary": "1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "1812514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "category": "external", "summary": "KEYCLOAK-13799", "url": "https://issues.redhat.com/browse/KEYCLOAK-13799" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2108.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.3.8 security update on RHEL 8", "tracking": { "current_release_date": "2024-11-15T06:10:26+00:00", "generator": { "date": "2024-11-15T06:10:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:2108", "initial_release_date": "2020-05-12T16:43:13+00:00", "revision_history": [ { "date": "2020-05-12T16:43:13+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-05-12T16:43:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T06:10:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.3 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.3 for RHEL 8", "product_id": "8Base-RHSSO-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@4.8.20-1.Final_redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@4.8.20-1.Final_redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@4.8.20-1.Final_redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.3 for RHEL 8", "product_id": "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.3 for RHEL 8", "product_id": "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.3 for RHEL 8", "product_id": "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1718", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2020-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796756" } ], "notes": [ { "category": "description", "text": "A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: security issue on reset credential flow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1718" }, { "category": "external", "summary": "RHBZ#1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T16:43:13+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "category": "workaround", "details": "Disable reset credential flow.", "product_ids": [ "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: security issue on reset credential flow" }, { "acknowledgments": [ { "names": [ "Francesco Cusinato" ] } ], "cve": "CVE-2020-1724", "cwe": { "id": "CWE-613", "name": "Insufficient Session Expiration" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800527" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: problem with privacy after user logout", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1724" }, { "category": "external", "summary": "RHBZ#1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1724", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724" } ], "release_date": "2020-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T16:43:13+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2108" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: problem with privacy after user logout" }, { "acknowledgments": [ { "names": [ "Peter St\u00f6ckli" ] } ], "cve": "CVE-2020-1758", "cwe": { "id": "CWE-297", "name": "Improper Validation of Certificate with Host Mismatch" }, "discovery_date": "2020-03-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1812514" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper verification of certificate with host mismatch could result in information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1758" }, { "category": "external", "summary": "RHBZ#1812514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1758", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758" }, { "category": "external", "summary": "https://issues.redhat.com/browse/KEYCLOAK-13285", "url": "https://issues.redhat.com/browse/KEYCLOAK-13285" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T16:43:13+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "category": "workaround", "details": "Turn off all kinds of email notifications including password reset mails.", "product_ids": [ "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso.src", "8Base-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: improper verification of certificate with host mismatch could result in information disclosure" } ] }
rhsa-2020_2905
Vulnerability from csaf_redhat
Published
2020-07-23 07:03
Modified
2024-11-15 09:35
Summary
Red Hat Security Advisory: Red Hat build of Thorntail 2.7.0 security and bug fix update
Notes
Topic
An update is now available for Red Hat build of Thorntail.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.
Details
This release of Red Hat build of Thorntail 2.7.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.
Security Fix(es):
* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
* cxf: reflected XSS in the services listing page (CVE-2019-17573)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
* Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
* keycloak: stored XSS in client settings via application links (CVE-2020-1697)
* keycloak: problem with privacy after user logout (CVE-2020-1724)
* keycloak: Password leak by logged exception in HttpMethod class (CVE-2020-1698)
* cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)
* Soteria: security identity corruption across concurrent threads (CVE-2020-1732)
* keycloak: missing input validation in IDP authorization URLs (CVE-2020-1727)
* keycloak: failedLogin Event not sent to BruteForceProtector when using Post Login Flow with Conditional-OTP (CVE-2020-1744)
* keycloak: security issue on reset credential flow (CVE-2020-1718)
* keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)
* RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)
* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)
* undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100- continue" header (CVE-2020-10705)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat build of Thorntail.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat build of Thorntail 2.7.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)\n\n* cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)\n\n* keycloak: stored XSS in client settings via application links (CVE-2020-1697)\n\n* keycloak: problem with privacy after user logout (CVE-2020-1724)\n\n* keycloak: Password leak by logged exception in HttpMethod class (CVE-2020-1698)\n\n* cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)\n\n* Soteria: security identity corruption across concurrent threads (CVE-2020-1732)\n\n* keycloak: missing input validation in IDP authorization URLs (CVE-2020-1727)\n\n* keycloak: failedLogin Event not sent to BruteForceProtector when using Post Login Flow with Conditional-OTP (CVE-2020-1744)\n\n* keycloak: security issue on reset credential flow (CVE-2020-1718)\n\n* keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)\n\n* RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100- continue\" header (CVE-2020-10705)\n\nFor more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:2905", "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.7.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.7.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/", "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/" }, { "category": "external", "summary": "1705975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705975" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "1790292", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790292" }, { "category": "external", "summary": "1791538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791538" }, { "category": "external", "summary": "1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "1797006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797006" }, { "category": "external", "summary": "1797011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797011" }, { "category": "external", "summary": "1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "1800573", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800573" }, { "category": "external", "summary": "1801726", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801726" }, { "category": "external", "summary": "1803241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805792" }, { "category": "external", "summary": "1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "1814974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814974" }, { "category": "external", "summary": "1828459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2905.json" } ], "title": "Red Hat Security Advisory: Red Hat build of Thorntail 2.7.0 security and bug fix update", "tracking": { "current_release_date": "2024-11-15T09:35:53+00:00", "generator": { "date": "2024-11-15T09:35:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:2905", "initial_release_date": "2020-07-23T07:03:40+00:00", "revision_history": [ { "date": "2020-07-23T07:03:40+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-07-23T07:03:40+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T09:35:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Text-Only RHOAR", "product": { "name": "Text-Only RHOAR", "product_id": "Text-Only RHOAR", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-12423", "cwe": { "id": "CWE-522", "name": "Insufficiently Protected Credentials" }, "discovery_date": "2020-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1797006" } ], "notes": [ { "category": "description", "text": "Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter \"rs.security.keystore.type\" to \"jwk\". For this case all keys are returned in this file \"as is\", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. \"oct\" keys, which contain secret keys, are not returned at all.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: OpenId Connect token service does not properly validate the clientId", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12423" }, { "category": "external", "summary": "RHBZ#1797006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12423", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12423" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12423", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12423" } ], "release_date": "2020-01-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cxf: OpenId Connect token service does not properly validate the clientId" }, { "cve": "CVE-2019-17573", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1797011" } ], "notes": [ { "category": "description", "text": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: reflected XSS in the services listing page", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17573" }, { "category": "external", "summary": "RHBZ#1797011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797011" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17573", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17573" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17573", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17573" } ], "release_date": "2020-01-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "category": "workaround", "details": "Mitigate this flaw by disabling the service listing altogether; via setting the \"hide-service-list-page\" servlet parameter to \"true\".", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cxf: reflected XSS in the services listing page" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "acknowledgments": [ { "names": [ "Cure53 Berlin" ] } ], "cve": "CVE-2020-1697", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1791538" } ], "notes": [ { "category": "description", "text": "A flaw was found during the assessment of the Admin Console application for Keycloak, where it was found that Application Links to external applications are not validated properly. An attacker could use this flaw to cause Stored XSS attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: stored XSS in client settings via application links", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1697" }, { "category": "external", "summary": "RHBZ#1791538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791538" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1697", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1697" } ], "release_date": "2020-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: stored XSS in client settings via application links" }, { "acknowledgments": [ { "names": [ "Tobias Friedrich" ] } ], "cve": "CVE-2020-1698", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2020-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1790292" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Password leak by logged exception in HttpMethod class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1698" }, { "category": "external", "summary": "RHBZ#1790292", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790292" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1698", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1698" } ], "release_date": "2020-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Password leak by logged exception in HttpMethod class" }, { "acknowledgments": [ { "names": [ "Thomas Darimont" ] } ], "cve": "CVE-2020-1714", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-04-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1705975" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1714" }, { "category": "external", "summary": "RHBZ#1705975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705975" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1714" } ], "release_date": "2020-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution" }, { "cve": "CVE-2020-1718", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2020-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796756" } ], "notes": [ { "category": "description", "text": "A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: security issue on reset credential flow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1718" }, { "category": "external", "summary": "RHBZ#1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "category": "workaround", "details": "Disable reset credential flow.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: security issue on reset credential flow" }, { "cve": "CVE-2020-1719", "cwe": { "id": "CWE-270", "name": "Privilege Context Switching Error" }, "discovery_date": "2019-08-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796617" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1719" }, { "category": "external", "summary": "RHBZ#1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1719", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719" } ], "release_date": "2019-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain" }, { "acknowledgments": [ { "names": [ "Francesco Cusinato" ] } ], "cve": "CVE-2020-1724", "cwe": { "id": "CWE-613", "name": "Insufficient Session Expiration" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800527" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: problem with privacy after user logout", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1724" }, { "category": "external", "summary": "RHBZ#1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1724", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724" } ], "release_date": "2020-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: problem with privacy after user logout" }, { "acknowledgments": [ { "names": [ "Sebastian Moritz" ], "organization": "Cure53" } ], "cve": "CVE-2020-1727", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800573" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: missing input validation in IDP authorization URLs", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1727" }, { "category": "external", "summary": "RHBZ#1800573", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800573" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1727", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1727" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1727", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1727" } ], "release_date": "2020-05-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: missing input validation in IDP authorization URLs" }, { "cve": "CVE-2020-1732", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2020-02-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801726" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly where multiple requests occurring concurrently could be handled using the identity of another request. This vulnerability occurs when using EE Security with WildFly Elytron. The largest threat from this vulnerability is data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Soteria: security identity corruption across concurrent threads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1732" }, { "category": "external", "summary": "RHBZ#1801726", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801726" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1732", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1732" } ], "release_date": "2020-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Soteria: security identity corruption across concurrent threads" }, { "cve": "CVE-2020-1744", "cwe": { "id": "CWE-755", "name": "Improper Handling of Exceptional Conditions" }, "discovery_date": "2020-02-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805792" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. BruteForceProtector does not handle Conditional OTP Authentication Flow login failure events due to these events not being sent to the brute force protection event queue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: failedLogin Event not sent to BruteForceProtector when using Post Login Flow with Conditional-OTP", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1744" }, { "category": "external", "summary": "RHBZ#1805792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805792" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1744", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1744" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1744", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1744" } ], "release_date": "2020-03-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: failedLogin Event not sent to BruteForceProtector when using Post Login Flow with Conditional-OTP" }, { "acknowledgments": [ { "names": [ "Steve Zapantis", "Robert Roberson", "taktakdb4g" ] } ], "cve": "CVE-2020-1745", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807305" } ], "notes": [ { "category": "description", "text": "A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: AJP File Read/Inclusion Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1938", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1745" }, { "category": "external", "summary": "RHBZ#1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1745", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1745" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745" }, { "category": "external", "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/", "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/" }, { "category": "external", "summary": "https://www.cnvd.org.cn/webinfo/show/5415", "url": "https://www.cnvd.org.cn/webinfo/show/5415" }, { "category": "external", "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487", "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487" } ], "release_date": "2020-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "category": "workaround", "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: AJP File Read/Inclusion Vulnerability" }, { "acknowledgments": [ { "names": [ "Fedorov Oleksii", "Keitaro Yamazaki", "Shiga Ryota" ], "organization": "LINE Corporation" } ], "cve": "CVE-2020-1757", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1752770" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1757" }, { "category": "external", "summary": "RHBZ#1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1757", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757" } ], "release_date": "2018-12-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "category": "workaround", "details": "The issue can be mitigated by configuring UrlPathHelper to ignore the servletPath via setting \"alwaysUseFullPath\".", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-10688", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1814974" } ], "notes": [ { "category": "description", "text": "A cross-site scripting (XSS) flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10688" }, { "category": "external", "summary": "RHBZ#1814974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814974" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10688", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10688" }, { "category": "external", "summary": "https://github.com/quarkusio/quarkus/issues/7248", "url": "https://github.com/quarkusio/quarkus/issues/7248" }, { "category": "external", "summary": "https://issues.redhat.com/browse/RESTEASY-2519", "url": "https://issues.redhat.com/browse/RESTEASY-2519" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack" }, { "cve": "CVE-2020-10705", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1803241" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where certain requests to the \"Expect: 100-continue\" header may cause an out of memory error. This flaw may potentially lead to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100-continue\" header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10705" }, { "category": "external", "summary": "RHBZ#1803241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10705", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10705" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705" } ], "release_date": "2020-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "category": "workaround", "details": "There is currently no known mitigation for this security flaw.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100-continue\" header" }, { "acknowledgments": [ { "names": [ "ZeddYu" ] } ], "cve": "CVE-2020-10719", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-02-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828459" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: invalid HTTP request with large chunk size", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10719" }, { "category": "external", "summary": "RHBZ#1828459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10719", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719" } ], "release_date": "2020-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-23T07:03:40+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: invalid HTTP request with large chunk size" } ] }
rhsa-2020_2107
Vulnerability from csaf_redhat
Published
2020-05-12 16:42
Modified
2024-11-15 06:10
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.3.8 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.3.8 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: security issue on reset credential flow (CVE-2020-1718)
* keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758)
* keycloak: problem with privacy after user logout (CVE-2020-1724)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.3.8 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: security issue on reset credential flow (CVE-2020-1718)\n\n* keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758)\n\n* keycloak: problem with privacy after user logout (CVE-2020-1724)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:2107", "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/" }, { "category": "external", "summary": "1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "1812514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "category": "external", "summary": "KEYCLOAK-13798", "url": "https://issues.redhat.com/browse/KEYCLOAK-13798" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2107.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.3.8 security update on RHEL 7", "tracking": { "current_release_date": "2024-11-15T06:10:19+00:00", "generator": { "date": "2024-11-15T06:10:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:2107", "initial_release_date": "2020-05-12T16:42:59+00:00", "revision_history": [ { "date": "2020-05-12T16:42:59+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-05-12T16:42:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T06:10:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.3 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.3 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@4.8.20-1.Final_redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@4.8.20-1.Final_redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@4.8.20-1.Final_redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.3 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.3 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.3 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1718", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2020-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796756" } ], "notes": [ { "category": "description", "text": "A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: security issue on reset credential flow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1718" }, { "category": "external", "summary": "RHBZ#1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T16:42:59+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "category": "workaround", "details": "Disable reset credential flow.", "product_ids": [ "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: security issue on reset credential flow" }, { "acknowledgments": [ { "names": [ "Francesco Cusinato" ] } ], "cve": "CVE-2020-1724", "cwe": { "id": "CWE-613", "name": "Insufficient Session Expiration" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800527" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: problem with privacy after user logout", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1724" }, { "category": "external", "summary": "RHBZ#1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1724", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724" } ], "release_date": "2020-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T16:42:59+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2107" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: problem with privacy after user logout" }, { "acknowledgments": [ { "names": [ "Peter St\u00f6ckli" ] } ], "cve": "CVE-2020-1758", "cwe": { "id": "CWE-297", "name": "Improper Validation of Certificate with Host Mismatch" }, "discovery_date": "2020-03-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1812514" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper verification of certificate with host mismatch could result in information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1758" }, { "category": "external", "summary": "RHBZ#1812514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1758", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758" }, { "category": "external", "summary": "https://issues.redhat.com/browse/KEYCLOAK-13285", "url": "https://issues.redhat.com/browse/KEYCLOAK-13285" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T16:42:59+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "category": "workaround", "details": "Turn off all kinds of email notifications including password reset mails.", "product_ids": [ "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso.src", "7Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: improper verification of certificate with host mismatch could result in information disclosure" } ] }
rhsa-2020_2112
Vulnerability from csaf_redhat
Published
2020-05-12 17:16
Modified
2024-11-15 09:34
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.3.8 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.3.8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: security issue on reset credential flow (CVE-2020-1718)
* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* cxf: reflected XSS in the services listing page (CVE-2019-17573)
* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
* keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758)
* cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)
* keycloak: problem with privacy after user logout (CVE-2020-1724)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.3.8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: security issue on reset credential flow (CVE-2020-1718)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)\n\n* keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758)\n\n* cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)\n\n* keycloak: problem with privacy after user logout (CVE-2020-1724)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:2112", "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "1797011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797011" }, { "category": "external", "summary": "1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "1801380", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801380" }, { "category": "external", "summary": "1812514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2112.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.3.8 security update", "tracking": { "current_release_date": "2024-11-15T09:34:33+00:00", "generator": { "date": "2024-11-15T09:34:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:2112", "initial_release_date": "2020-05-12T17:16:57+00:00", "revision_history": [ { "date": "2020-05-12T17:16:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-05-12T17:16:57+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T09:34:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign On 7.3.8", "product": { "name": "Red Hat Single Sign On 7.3.8", "product_id": "Red Hat Single Sign On 7.3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.3" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Brian Stansberry" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-10172", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-04-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1715075" } ], "notes": [ { "category": "description", "text": "A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus\u0027s jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign On 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10172" }, { "category": "external", "summary": "RHBZ#1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10172", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172" } ], "release_date": "2019-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T17:16:57+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign On 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2112" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign On 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720" }, { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign On 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T17:16:57+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign On 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat Single Sign On 7.3.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign On 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2019-17573", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1797011" } ], "notes": [ { "category": "description", "text": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: reflected XSS in the services listing page", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign On 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17573" }, { "category": "external", "summary": "RHBZ#1797011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797011" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17573", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17573" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17573", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17573" } ], "release_date": "2020-01-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T17:16:57+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign On 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "category": "workaround", "details": "Mitigate this flaw by disabling the service listing altogether; via setting the \"hide-service-list-page\" servlet parameter to \"true\".", "product_ids": [ "Red Hat Single Sign On 7.3.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign On 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cxf: reflected XSS in the services listing page" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign On 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T17:16:57+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign On 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2112" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign On 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1718", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2020-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796756" } ], "notes": [ { "category": "description", "text": "A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: security issue on reset credential flow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign On 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1718" }, { "category": "external", "summary": "RHBZ#1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T17:16:57+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign On 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "category": "workaround", "details": "Disable reset credential flow.", "product_ids": [ "Red Hat Single Sign On 7.3.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign On 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: security issue on reset credential flow" }, { "cve": "CVE-2020-1719", "cwe": { "id": "CWE-270", "name": "Privilege Context Switching Error" }, "discovery_date": "2019-08-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796617" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign On 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1719" }, { "category": "external", "summary": "RHBZ#1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1719", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719" } ], "release_date": "2019-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T17:16:57+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign On 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2112" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign On 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain" }, { "acknowledgments": [ { "names": [ "Francesco Cusinato" ] } ], "cve": "CVE-2020-1724", "cwe": { "id": "CWE-613", "name": "Insufficient Session Expiration" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800527" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: problem with privacy after user logout", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign On 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1724" }, { "category": "external", "summary": "RHBZ#1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1724", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724" } ], "release_date": "2020-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T17:16:57+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign On 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2112" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign On 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: problem with privacy after user logout" }, { "acknowledgments": [ { "names": [ "Fedorov Oleksii", "Keitaro Yamazaki", "Shiga Ryota" ], "organization": "LINE Corporation" } ], "cve": "CVE-2020-1757", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1752770" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign On 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1757" }, { "category": "external", "summary": "RHBZ#1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1757", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757" } ], "release_date": "2018-12-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T17:16:57+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign On 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "category": "workaround", "details": "The issue can be mitigated by configuring UrlPathHelper to ignore the servletPath via setting \"alwaysUseFullPath\".", "product_ids": [ "Red Hat Single Sign On 7.3.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign On 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass" }, { "acknowledgments": [ { "names": [ "Peter St\u00f6ckli" ] } ], "cve": "CVE-2020-1758", "cwe": { "id": "CWE-297", "name": "Improper Validation of Certificate with Host Mismatch" }, "discovery_date": "2020-03-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1812514" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper verification of certificate with host mismatch could result in information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign On 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1758" }, { "category": "external", "summary": "RHBZ#1812514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1758", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758" }, { "category": "external", "summary": "https://issues.redhat.com/browse/KEYCLOAK-13285", "url": "https://issues.redhat.com/browse/KEYCLOAK-13285" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T17:16:57+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign On 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "category": "workaround", "details": "Turn off all kinds of email notifications including password reset mails.", "product_ids": [ "Red Hat Single Sign On 7.3.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign On 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: improper verification of certificate with host mismatch could result in information disclosure" }, { "cve": "CVE-2020-7226", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801380" } ], "notes": [ { "category": "description", "text": "CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with \"new byte\" may depend on untrusted input within the header of encoded data.", "title": "Vulnerability description" }, { "category": "summary", "text": "cryptacular: excessive memory allocation during a decode operation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign On 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7226" }, { "category": "external", "summary": "RHBZ#1801380", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801380" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7226", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7226" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7226", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7226" } ], "release_date": "2020-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T17:16:57+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign On 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2112" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign On 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cryptacular: excessive memory allocation during a decode operation" } ] }
rhsa-2020_2252
Vulnerability from csaf_redhat
Published
2020-06-01 15:32
Modified
2024-11-15 06:11
Summary
Red Hat Security Advisory: Red Hat support for Spring Boot 2.2.6 security and bug fix update
Notes
Topic
An update is now available for Red Hat OpenShift Application Runtimes.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of Red Hat support for Spring Boot 2.2.6 serves as a replacement for Red Hat support for Spring Boot 2.1.13, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* keycloak: security issue on reset credential flow (CVE-2020-1718)
* keycloak: stored XSS in client settings via application links (CVE-2020-1697)
* keycloak: missing input validation in IDP authorization URLs (CVE-2020-1727)
* keycloak: Password leak by logged exception in HttpMethod class (CVE-2020-1698)
* keycloak: problem with privacy after user logout (CVE-2020-1724)
* keycloak: failedLogin Event not sent to BruteForceProtector when using Post Login Flow with Conditional-OTP (CVE-2020-1744)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift Application Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.2.6 serves as a replacement for Red Hat support for Spring Boot 2.1.13, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* keycloak: security issue on reset credential flow (CVE-2020-1718)\n\n* keycloak: stored XSS in client settings via application links (CVE-2020-1697)\n\n* keycloak: missing input validation in IDP authorization URLs (CVE-2020-1727)\n\n* keycloak: Password leak by logged exception in HttpMethod class (CVE-2020-1698)\n\n* keycloak: problem with privacy after user logout (CVE-2020-1724)\n\n* keycloak: failedLogin Event not sent to BruteForceProtector when using Post Login Flow with Conditional-OTP (CVE-2020-1744)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:2252", "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.spring.boot\u0026version=2.2.6", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.spring.boot\u0026version=2.2.6" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/", "url": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/" }, { "category": "external", "summary": "1790292", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790292" }, { "category": "external", "summary": "1791538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791538" }, { "category": "external", "summary": "1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "1800573", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800573" }, { "category": "external", "summary": "1805792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805792" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2252.json" } ], "title": "Red Hat Security Advisory: Red Hat support for Spring Boot 2.2.6 security and bug fix update", "tracking": { "current_release_date": "2024-11-15T06:11:06+00:00", "generator": { "date": "2024-11-15T06:11:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:2252", "initial_release_date": "2020-06-01T15:32:19+00:00", "revision_history": [ { "date": "2020-06-01T15:32:19+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-06-01T15:32:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T06:11:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Runtimes Spring Boot 2.2.6", "product": { "name": "Red Hat Runtimes Spring Boot 2.2.6", "product_id": "Red Hat Runtimes Spring Boot 2.2.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Cure53 Berlin" ] } ], "cve": "CVE-2020-1697", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1791538" } ], "notes": [ { "category": "description", "text": "A flaw was found during the assessment of the Admin Console application for Keycloak, where it was found that Application Links to external applications are not validated properly. An attacker could use this flaw to cause Stored XSS attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: stored XSS in client settings via application links", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Runtimes Spring Boot 2.2.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1697" }, { "category": "external", "summary": "RHBZ#1791538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791538" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1697", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1697" } ], "release_date": "2020-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-01T15:32:19+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Runtimes Spring Boot 2.2.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2252" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Runtimes Spring Boot 2.2.6" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: stored XSS in client settings via application links" }, { "acknowledgments": [ { "names": [ "Tobias Friedrich" ] } ], "cve": "CVE-2020-1698", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2020-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1790292" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Password leak by logged exception in HttpMethod class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Runtimes Spring Boot 2.2.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1698" }, { "category": "external", "summary": "RHBZ#1790292", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790292" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1698", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1698" } ], "release_date": "2020-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-01T15:32:19+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Runtimes Spring Boot 2.2.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2252" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Runtimes Spring Boot 2.2.6" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Password leak by logged exception in HttpMethod class" }, { "cve": "CVE-2020-1718", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2020-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796756" } ], "notes": [ { "category": "description", "text": "A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: security issue on reset credential flow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Runtimes Spring Boot 2.2.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1718" }, { "category": "external", "summary": "RHBZ#1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-01T15:32:19+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Runtimes Spring Boot 2.2.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "category": "workaround", "details": "Disable reset credential flow.", "product_ids": [ "Red Hat Runtimes Spring Boot 2.2.6" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Runtimes Spring Boot 2.2.6" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: security issue on reset credential flow" }, { "acknowledgments": [ { "names": [ "Francesco Cusinato" ] } ], "cve": "CVE-2020-1724", "cwe": { "id": "CWE-613", "name": "Insufficient Session Expiration" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800527" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: problem with privacy after user logout", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Runtimes Spring Boot 2.2.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1724" }, { "category": "external", "summary": "RHBZ#1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1724", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724" } ], "release_date": "2020-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-01T15:32:19+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Runtimes Spring Boot 2.2.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2252" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Runtimes Spring Boot 2.2.6" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: problem with privacy after user logout" }, { "acknowledgments": [ { "names": [ "Sebastian Moritz" ], "organization": "Cure53" } ], "cve": "CVE-2020-1727", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800573" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: missing input validation in IDP authorization URLs", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Runtimes Spring Boot 2.2.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1727" }, { "category": "external", "summary": "RHBZ#1800573", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800573" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1727", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1727" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1727", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1727" } ], "release_date": "2020-05-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-01T15:32:19+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Runtimes Spring Boot 2.2.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2252" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Runtimes Spring Boot 2.2.6" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: missing input validation in IDP authorization URLs" }, { "cve": "CVE-2020-1744", "cwe": { "id": "CWE-755", "name": "Improper Handling of Exceptional Conditions" }, "discovery_date": "2020-02-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805792" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. BruteForceProtector does not handle Conditional OTP Authentication Flow login failure events due to these events not being sent to the brute force protection event queue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: failedLogin Event not sent to BruteForceProtector when using Post Login Flow with Conditional-OTP", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Runtimes Spring Boot 2.2.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1744" }, { "category": "external", "summary": "RHBZ#1805792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805792" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1744", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1744" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1744", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1744" } ], "release_date": "2020-03-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-01T15:32:19+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Runtimes Spring Boot 2.2.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2252" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Runtimes Spring Boot 2.2.6" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: failedLogin Event not sent to BruteForceProtector when using Post Login Flow with Conditional-OTP" } ] }
rhsa-2020_2106
Vulnerability from csaf_redhat
Published
2020-05-12 16:43
Modified
2024-11-15 06:10
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.3.8 security update on RHEL 6
Notes
Topic
New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.3.8 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: security issue on reset credential flow (CVE-2020-1718)
* keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758)
* keycloak: problem with privacy after user logout (CVE-2020-1724)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.3.8 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: security issue on reset credential flow (CVE-2020-1718)\n\n* keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758)\n\n* keycloak: problem with privacy after user logout (CVE-2020-1724)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:2106", "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/" }, { "category": "external", "summary": "1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "1812514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "category": "external", "summary": "KEYCLOAK-13797", "url": "https://issues.redhat.com/browse/KEYCLOAK-13797" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2106.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.3.8 security update on RHEL 6", "tracking": { "current_release_date": "2024-11-15T06:10:12+00:00", "generator": { "date": "2024-11-15T06:10:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:2106", "initial_release_date": "2020-05-12T16:43:06+00:00", "revision_history": [ { "date": "2020-05-12T16:43:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-05-12T16:43:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T06:10:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.3 for RHEL 6 Server", "product": { "name": "Red Hat Single Sign-On 7.3 for RHEL 6 Server", "product_id": "6Server-RHSSO-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el6" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "product": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "product_id": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@4.8.20-1.Final_redhat_00001.1.el6sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "product_id": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@4.8.20-1.Final_redhat_00001.1.el6sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "product": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "product_id": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@4.8.20-1.Final_redhat_00001.1.el6sso?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch as a component of Red Hat Single Sign-On 7.3 for RHEL 6 Server", "product_id": "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "relates_to_product_reference": "6Server-RHSSO-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src as a component of Red Hat Single Sign-On 7.3 for RHEL 6 Server", "product_id": "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src" }, "product_reference": "rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "relates_to_product_reference": "6Server-RHSSO-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch as a component of Red Hat Single Sign-On 7.3 for RHEL 6 Server", "product_id": "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "relates_to_product_reference": "6Server-RHSSO-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1718", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2020-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796756" } ], "notes": [ { "category": "description", "text": "A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: security issue on reset credential flow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1718" }, { "category": "external", "summary": "RHBZ#1796756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T16:43:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "category": "workaround", "details": "Disable reset credential flow.", "product_ids": [ "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: security issue on reset credential flow" }, { "acknowledgments": [ { "names": [ "Francesco Cusinato" ] } ], "cve": "CVE-2020-1724", "cwe": { "id": "CWE-613", "name": "Insufficient Session Expiration" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800527" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: problem with privacy after user logout", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1724" }, { "category": "external", "summary": "RHBZ#1800527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1724", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724" } ], "release_date": "2020-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T16:43:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2106" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: problem with privacy after user logout" }, { "acknowledgments": [ { "names": [ "Peter St\u00f6ckli" ] } ], "cve": "CVE-2020-1758", "cwe": { "id": "CWE-297", "name": "Improper Validation of Certificate with Host Mismatch" }, "discovery_date": "2020-03-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1812514" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper verification of certificate with host mismatch could result in information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1758" }, { "category": "external", "summary": "RHBZ#1812514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1758", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758" }, { "category": "external", "summary": "https://issues.redhat.com/browse/KEYCLOAK-13285", "url": "https://issues.redhat.com/browse/KEYCLOAK-13285" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-12T16:43:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "category": "workaround", "details": "Turn off all kinds of email notifications including password reset mails.", "product_ids": [ "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch", "6Server-RHSSO-7.3:rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso.src", "6Server-RHSSO-7.3:rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: improper verification of certificate with host mismatch could result in information disclosure" } ] }
gsd-2020-1724
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2020-1724", "description": "A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.", "id": "GSD-2020-1724", "references": [ "https://access.redhat.com/errata/RHSA-2020:2905", "https://access.redhat.com/errata/RHSA-2020:2252", "https://access.redhat.com/errata/RHSA-2020:2112", "https://access.redhat.com/errata/RHSA-2020:2108", "https://access.redhat.com/errata/RHSA-2020:2107", "https://access.redhat.com/errata/RHSA-2020:2106" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-1724" ], "details": "A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.", "id": "GSD-2020-1724", "modified": "2023-12-13T01:21:58.019660Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1724", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "keycloak", "version": { "version_data": [ { "version_value": "All versions before 9.0.2" } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section." } ] }, "impact": { "cvss": [ [ { "vectorString": "4.3/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-613" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,9.0.2)", "affected_versions": "All versions before 9.0.2", "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cwe_ids": [ "CWE-1035", "CWE-613", "CWE-937" ], "date": "2020-05-13", "description": "A flaw was found in Keycloak which allows a malicious user that is currently logged in, to see the personal information of a previously logged-out user in the account manager section.", "fixed_versions": [ "9.0.2" ], "identifier": "CVE-2020-1724", "identifiers": [ "CVE-2020-1724" ], "not_impacted": "All versions starting from 9.0.2", "package_slug": "maven/org.keycloak/keycloak-core", "pubdate": "2020-05-11", "solution": "Upgrade to version 9.0.2 or above.", "title": "Insufficient Session Expiration", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-1724", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724" ], "uuid": "b3e72dc0-67bd-4016-906d-6b88f08c00fc" }, { "affected_range": "(,9.0.2)", "affected_versions": "All versions before 9.0.2", "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cwe_ids": [ "CWE-1035", "CWE-613", "CWE-937" ], "date": "2020-05-13", "description": "A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged-in, to see the personal information of a previously logged-out user in the account manager section.", "fixed_versions": [ "9.0.2" ], "identifier": "CVE-2020-1724", "identifiers": [ "CVE-2020-1724" ], "not_impacted": "All versions starting from 9.0.2", "package_slug": "maven/org.keycloak/keycloak-services", "pubdate": "2020-05-11", "solution": "Upgrade to version 9.0.2 or above.", "title": "Insufficient Session Expiration", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-1724", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724" ], "uuid": "0c2e6be6-152f-4e1d-8864-ff6b3d620476" }, { "affected_range": "\u003c9.0.2", "affected_versions": "All versions before 9.0.2", "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cwe_ids": [ "CWE-1035", "CWE-613", "CWE-937" ], "date": "2020-05-13", "description": "A flaw in Keycloak allows a malicious user that is currently logged in, to see the personal information of a previously logged-out user in the account manager section.", "fixed_versions": [ "9.0.2" ], "identifier": "CVE-2020-1724", "identifiers": [ "CVE-2020-1724" ], "not_impacted": "All versions starting from 9.0.2", "package_slug": "npm/keycloak-connect", "pubdate": "2020-05-11", "solution": "Upgrade to version 9.0.2 or above.", "title": "Insufficient Session Expiration", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-1724", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724" ], "uuid": "658ef8a5-3063-4a84-a110-84635ee82908" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1724" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-613" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } }, "lastModifiedDate": "2022-04-25T17:37Z", "publishedDate": "2020-05-11T21:15Z" } } }
ghsa-8xj2-47xw-q78c
Vulnerability from github
Published
2022-05-24 17:17
Modified
2024-04-23 17:34
Severity ?
Summary
Keycloak Insufficient Session Expiry
Details
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.keycloak:keycloak-core" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "9.0.2" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-1724" ], "database_specific": { "cwe_ids": [ "CWE-613" ], "github_reviewed": true, "github_reviewed_at": "2024-04-23T17:34:12Z", "nvd_published_at": "2020-05-11T21:15:00Z", "severity": "MODERATE" }, "details": "A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.", "id": "GHSA-8xj2-47xw-q78c", "modified": "2024-04-23T17:34:12Z", "published": "2022-05-24T17:17:37Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724" }, { "type": "PACKAGE", "url": "https://github.com/keycloak/keycloak" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ], "summary": "Keycloak Insufficient Session Expiry" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.