Information on CVE-2024-8698
Keycloak-saml-core: improper verification of SAML responses leading to privilege escalation in Keycloak
CWE ID: CWE-347
Base Score (CVSS): 7.7 (High; computed from the v3.1 vector given below, matching Red Hat's rating)
CVE: CVE-2024-8698
Description: A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature covers the full document or only specific assertions based on the position of the Signature element in the XML document, rather than on the ds:Reference element that names the signed element. This allows an attacker to craft responses that bypass the validation, potentially leading to privilege escalation or impersonation of other users.
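The distinction the description draws, as an added example that is not Keycloak's code and not the project's fix: a position-based check looks only at which element encloses ds:Signature, whereas a reference-based check follows ds:Reference/@URI to the element carrying that ID and requires the signature to be enveloped in exactly that element. The two SAML responses below are constructed for illustration (placeholder digest and signature values, no cryptographic verification performed); in the first one the Signature is placed directly under samlp:Response but references only the Assertion, so the two checks disagree. Function names and the verdict strings are this example's own.

```python
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 responses and XML Digital Signature.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
DS_SIGNATURE = "{%s}Signature" % NS["ds"]
DS_REFERENCE = "{%s}SignedInfo/{%s}Reference" % (NS["ds"], NS["ds"])

# Constructed sample, not a capture: the ds:Signature element is physically a
# child of samlp:Response, so a position-based check concludes "the whole
# Response is signed", but its Reference URI names only the Assertion (_a1).
# DigestValue/SignatureValue are placeholders; no cryptography is run here.
CRAFTED_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_a1"><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference></ds:SignedInfo>
    <ds:SignatureValue>BBBB</ds:SignatureValue>
  </ds:Signature>
  <saml:Assertion ID="_a1"><saml:Subject/></saml:Assertion>
</samlp:Response>"""

# Constructed sample of a consistently signed assertion: the Signature is
# enveloped inside the very element its Reference points at.
SIGNED_ASSERTION_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r2">
  <saml:Assertion ID="_a1">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference></ds:SignedInfo>
      <ds:SignatureValue>BBBB</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject/>
  </saml:Assertion>
</samlp:Response>"""


def _local_name(tag):
    return tag.rsplit("}", 1)[-1]


def _parent_map(root):
    # ElementTree has no parent pointers; build the map once per document.
    return {child: parent for parent in root.iter() for child in parent}


def signed_by_position(xml_text):
    """The flawed heuristic: treat the element that encloses ds:Signature as
    the signed element. Returns the local name of that element per Signature."""
    root = ET.fromstring(xml_text)
    parents = _parent_map(root)
    return [_local_name(parents[sig].tag) for sig in root.iter(DS_SIGNATURE)]


def signed_by_reference(xml_text):
    """The check the advisory calls for: resolve ds:Reference/@URI to the
    element carrying that ID, and accept only if that element is the
    Signature's own parent (an enveloped signature). Returns a list of
    (referenced element local name or None, verdict) per Signature."""
    root = ET.fromstring(xml_text)
    parents = _parent_map(root)
    verdicts = []
    for sig in root.iter(DS_SIGNATURE):
        refs = sig.findall(DS_REFERENCE)
        if len(refs) != 1:
            verdicts.append((None, "reject: expected exactly one Reference"))
            continue
        uri = refs[0].get("URI", "")
        if uri == "":
            target = root  # URI="" means the whole document
        elif uri.startswith("#"):
            matches = [e for e in root.iter() if e.get("ID") == uri[1:]]
            if len(matches) != 1:  # missing or duplicated ID: do not guess
                verdicts.append((None, "reject: ID %r matches %d elements" % (uri[1:], len(matches))))
                continue
            target = matches[0]
        else:
            verdicts.append((None, "reject: external reference not allowed"))
            continue
        name = _local_name(target.tag)
        if parents.get(sig) is not target:
            verdicts.append((name, "reject: Signature is not enveloped in the element it references"))
        else:
            verdicts.append((name, "ok"))
    return verdicts
```

On the crafted response, signed_by_position() reports the Response as signed while signed_by_reference() sees that the reference names the Assertion and rejects the mismatch; on the consistently signed assertion both agree. Resolving the ID also has to refuse duplicated IDs, since an ID collision is the usual way a reference is made to resolve to a different element than the one the verifier expects.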
Attack vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
CVSS score
CVSS (Common Vulnerability Scoring System) is a standard for rating the severity of a vulnerability from two groups of base metrics: how the flaw can be reached and exploited (attack vector, attack complexity, privileges required, user interaction, scope) and what a successful exploit does to confidentiality, integrity and availability.
Summary: Access: Network, Attack complexity: High, Privileges: Low, User interaction: None, Scope: Changed, Confidentiality: High, Integrity: Low, Availability: Low.
Vector detail
Metric | Value | Meaning | Description |
---|---|---|---|
Attack Vector (AV) | N | Network | The attack can be carried out remotely over the network. |
Attack Complexity (AC) | H | High | A successful attack depends on conditions outside the attacker's control, such as a specific deployment setup or first obtaining other material. |
Privileges Required (PR) | L | Low | The attacker needs only basic privileges, such as an ordinary user account. |
User Interaction (UI) | N | None | No action by a victim user is required. |
Scope (S) | C | Changed | A successful exploit affects resources beyond the vulnerable component itself (here: the applications that trust Keycloak's SAML validation). |
Confidentiality Impact (C) | H | High | Severe impact on confidentiality. |
Integrity Impact (I) | L | Low | Limited impact on integrity. |
Availability Impact (A) | L | Low | Limited impact on availability. |
External references
- https://access.redhat.com/errata/RHSA-2024:6878
- https://access.redhat.com/errata/RHSA-2024:6879
- https://access.redhat.com/errata/RHSA-2024:6880
- https://access.redhat.com/errata/RHSA-2024:6882
- https://access.redhat.com/errata/RHSA-2024:6886
- https://access.redhat.com/errata/RHSA-2024:6887
- https://access.redhat.com/errata/RHSA-2024:6888
- https://access.redhat.com/errata/RHSA-2024:6889
- https://access.redhat.com/errata/RHSA-2024:6890
- https://access.redhat.com/errata/RHSA-2024:8823
- https://access.redhat.com/errata/RHSA-2024:8824
- https://access.redhat.com/errata/RHSA-2024:8826
- https://access.redhat.com/security/cve/CVE-2024-8698
- https://bugzilla.redhat.com/show_bug.cgi?id=2311641
Affected products
- Unknown vendor – Unknown product (entry as recorded; the affected upstream component named in the title is keycloak-saml-core)
- Red Hat – Red Hat Build of Keycloak
- Red Hat – Red Hat build of Keycloak 22
- Red Hat – Red Hat build of Keycloak 24
- Red Hat – Red Hat JBoss Enterprise Application Platform 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
- Red Hat – Red Hat Single Sign-On 7
- Red Hat – Red Hat Single Sign-On 7.6 for RHEL 7
- Red Hat – Red Hat Single Sign-On 7.6 for RHEL 8
- Red Hat – Red Hat Single Sign-On 7.6 for RHEL 9
- Red Hat – RHEL-8 based Middleware Containers
Relationships with other products
The per-product CVSS field below is recorded as 0.0 for every entry in the source database; this is a placeholder (no per-product score was assigned), not a rating. The vulnerability's actual vector and score are given above.
Vendor | Product | Year | CWE | CVSS (as recorded) |
---|---|---|---|---|
Red Hat | Red Hat Single Sign-On 7 | 2024 | CWE-347 | 0.0 |
Red Hat | Red Hat Single Sign-On 7.6 for RHEL 7 | 2024 | CWE-347 | 0.0 |
Red Hat | Red Hat Single Sign-On 7.6 for RHEL 8 | 2024 | CWE-347 | 0.0 |
Red Hat | Red Hat Single Sign-On 7.6 for RHEL 9 | 2024 | CWE-347 | 0.0 |
Red Hat | RHEL-8 based Middleware Containers | 2024 | CWE-347 | 0.0 |
Red Hat | Red Hat build of Keycloak 22 | 2024 | CWE-347 | 0.0 |
Red Hat | Red Hat JBoss Enterprise Application Platform 8 | 2024 | CWE-347 | 0.0 |
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | 2024 | CWE-347 | 0.0 |
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | 2024 | CWE-347 | 0.0 |
Red Hat | Red Hat Build of Keycloak | 2024 | CWE-347 | 0.0 |
Red Hat | Red Hat build of Keycloak 24 | 2024 | CWE-347 | 0.0 |