ghsa-gf2j-7qwg-4f5x
Vulnerability from github
Published
2018-12-21 17:48
Modified
2022-09-14 22:26
Severity
Summary
Improper Authentication in Keycloak
Details

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.



{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-14637"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:36:56Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.",
  "id": "GHSA-gf2j-7qwg-4f5x",
  "modified": "2022-09-14T22:26:11Z",
  "published": "2018-12-21T17:48:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14637"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-gf2j-7qwg-4f5x"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Authentication in Keycloak"
}

