SB2022012032 - Multiple vulnerabilities in Red Hat Single Sign-On
Published: January 20, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2021-20289)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. A remote attacker can obtain endpoint class and method names.
2) Information disclosure (CVE-ID: CVE-2021-40690)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. A remote attacker can abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
3) Improper access control (CVE-ID: CVE-2021-4133)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the administrative REST API. A remote user can bypass implemented security restrictions and create new default user accounts, even when new user registration is disabled.
4) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2021-3827)
The vulnerability allows a remote attacker to bypass 2FA authentication.
The vulnerability exists due to an error in ECP SAML binding flow within keycloak-server-spi-private. A remote attacker can send SOAP request with an AuthnRequest and Authorization header with the user's credentials and bypass MFA authentication.
Remediation
Install update from vendor's website.
References
- https://access.redhat.com/errata/RHSA-2022:0151"
- https://access.redhat.com/errata/RHSA-2022:0151</a></p><p><a
- https://access.redhat.com/errata/RHSA-2022:0152"
- https://access.redhat.com/errata/RHSA-2022:0152</a></p><p><a
- https://access.redhat.com/errata/RHSA-2022:0155"
- https://access.redhat.com/errata/RHSA-2022:0155</a></p><p>
- https://access.redhat.com/errata/RHSA-2022:0164</p><p><br></p>