SB20240417149 - Multiple vulnerabilities in Red Hat Single Sign-On 7.6 on RHEL 7
Published: April 17, 2024
Breakdown by Severity (severity chart: Low, Medium, High, Critical; counts not reproduced in this text)
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Improper authorization (CVE-ID: CVE-2023-6544)
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to a permissive regular expression hard-coded for filtering the hosts allowed to register a dynamic client within the org.keycloak.services.clientregistration package. A remote attacker with enough information about the environment could abuse this to register a dynamic client that the Dynamic Client Registration with TrustedDomain configuration should not have authorized.
2) Improper Output Neutralization for Logs (CVE-ID: CVE-2023-6484)
The vulnerability allows a remote attacker to manipulate data in log files.
The vulnerability exists due to improper input validation during WebAuthn authentication or registration. A remote attacker can manipulate data in log files when using the WebAuthn authentication mode.
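The following is an added example, not code from Keycloak or Red Hat Single Sign-On, showing the output neutralization that the log-injection class above calls for: control characters in a client-supplied WebAuthn field are escaped and the value is quoted, so one request can only ever produce one log record. The event name, field names and the sample credential label are constructed for the illustration.

```javascript
// Added example (not Keycloak code): neutralize untrusted values before
// they reach a log line so a client-supplied field cannot forge a record.
// Field names and the log format are assumptions for this illustration.

const MAX_FIELD_LEN = 256;

// Replace CR, LF, tab and any other C0/C1 control character with a visible
// escape, and cap the length, so the value cannot break the line or bloat it.
function sanitizeForLog(value) {
  const s = String(value);
  let out = '';
  for (const ch of s) {
    const code = ch.codePointAt(0);
    if (ch === '\r') out += '\\r';
    else if (ch === '\n') out += '\\n';
    else if (ch === '\t') out += '\\t';
    else if (code < 0x20 || (code >= 0x7f && code <= 0x9f)) {
      out += '\\x' + code.toString(16).padStart(2, '0');
    } else out += ch;
  }
  return out.length > MAX_FIELD_LEN
    ? out.slice(0, MAX_FIELD_LEN) + '[truncated]'
    : out;
}

// Build one structured log line from untrusted WebAuthn fields. Quoting each
// value with JSON.stringify is a second layer: even if a value slipped past
// sanitization it could not masquerade as a separate key=value pair.
function formatWebAuthnLog(event, fields) {
  const parts = Object.entries(fields).map(
    ([k, v]) => k + '=' + JSON.stringify(sanitizeForLog(v))
  );
  return 'event=' + event + ' ' + parts.join(' ');
}

// Constructed malicious input: a credential label that carries a forged
// "success" record for another user on a second line.
const forgedLabel = 'laptop-key\nevent=webauthn_register user=admin result=success';
const logLine = formatWebAuthnLog('webauthn_register', {
  user: 'alice',
  label: forgedLabel,
  result: 'failure',
});
console.log(logLine);
```

The forged newline survives only as the two characters `\n` inside a quoted value, so a log parser or a human reading the file sees a single failed registration for `alice`, not a successful one for `admin`.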
3) Path traversal (CVE-ID: CVE-2024-1132)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to improper validation of URLs included in a redirect in org.keycloak.protocol.oidc. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Note that the vulnerability affects any client that uses a wildcard in the Valid Redirect URIs field.
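Items 1 and 3 both come down to matching a client-supplied URL against an allow-list that may contain wildcards, so one added example serves both. This is illustration code written for this bulletin, not Keycloak's clientregistration or oidc code, and the permissive regular expression shown is a constructed stand-in for the class of weakness, not the actual pattern from the product. The allow-list entries, the `https:` requirement and the `*`-suffix wildcard syntax are assumptions.

```javascript
// Added example (not Keycloak / Red Hat SSO code): allow-list matching for
// client-supplied URLs, for dynamic-client-registration trusted domains and
// for OIDC redirect_uri checks. Wildcard syntax and entries are assumptions.

// Match a hostname against one allow-list entry. An entry is an exact host
// or "*.example.com", which matches only subdomains at a dot boundary:
// never the bare domain and never "example.com.attacker.test".
function hostMatches(entry, hostname) {
  const e = entry.toLowerCase();
  const h = hostname.toLowerCase();
  if (e.startsWith('*.')) {
    const suffix = e.slice(1); // ".example.com"
    return h.length > suffix.length && h.endsWith(suffix);
  }
  return e === h;
}

// Weak check of the kind item 1 describes (constructed, not the real regex):
// an unanchored expression matches the trusted domain anywhere in the
// string, so any host that merely contains it is accepted.
function permissiveTrustedHost(trustedDomain, hostname) {
  return new RegExp(trustedDomain.replace(/\./g, '\\.')).test(hostname);
}

// Hardened trusted-host check: parse the URL, require https, and compare the
// hostname component only, with exact or dot-boundary wildcard semantics.
function isTrustedHost(trustedDomains, urlString) {
  let url;
  try { url = new URL(urlString); } catch { return false; }
  if (url.protocol !== 'https:') return false;
  return trustedDomains.some((d) => hostMatches(d, url.hostname));
}

// Redirect URI check for registered patterns that may end in "*" (item 3).
// The requested URI must match scheme, host and port exactly, its path must
// be a prefix match against the normalized pattern path, and no path segment
// may decode to "." or "..". The WHATWG URL parser already collapses such
// segments (including percent-encoded forms); the explicit check means the
// decision does not rest on that behaviour alone.
function isValidRedirectUri(registeredPatterns, requested) {
  let req;
  try { req = new URL(requested); } catch { return false; }
  if (req.username || req.password) return false; // no userinfo tricks
  let segments;
  try { segments = decodeURIComponent(req.pathname).split('/'); } catch { return false; }
  if (segments.some((s) => s === '..' || s === '.')) return false;
  return registeredPatterns.some((pattern) => {
    const wildcard = pattern.endsWith('*');
    let pat;
    try { pat = new URL(wildcard ? pattern.slice(0, -1) : pattern); } catch { return false; }
    if (pat.origin !== req.origin) return false; // scheme + host + port
    return wildcard
      ? req.pathname.startsWith(pat.pathname)
      : req.pathname === pat.pathname;
  });
}
```

Only the path may carry a wildcard in this scheme; a wildcard in the host part of a redirect URI is rejected as a parse failure, which is the conservative default when the registered pattern is under the client's control.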
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-1249)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because "checkLoginIframe" accepts unvalidated cross-origin messages. Without proper origin validation for incoming messages, a remote attacker can send millions of requests in seconds using simple code, significantly impacting the application's availability.
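As an added example (not the Keycloak login-status iframe itself), the block below contrasts a `postMessage` handler that answers any sender with one that validates `event.origin` against the registered client origins, checks the message shape before doing work, and replies only to the validated origin. The `"clientId sessionState"` message format and the `"unchanged"`/`"changed"` replies are assumptions made for the illustration; the handler is written as a pure function over a message-event object so it runs outside a browser.

```javascript
// Added example (not Keycloak code): origin validation for a session-status
// iframe's message handler. Message format and replies are assumptions.

// Weak handler: trusts every sender, does work for every message, and posts
// the reply with target origin '*', so any page can both drive it at full
// speed and read the answer.
function handleMessageUnvalidated(event, sessionCookie) {
  const sessionState = String(event.data).split(' ')[1];
  const reply = sessionState === sessionCookie ? 'unchanged' : 'changed';
  event.source.postMessage(reply, '*');
  return reply;
}

// Hardened handler factory. allowedOrigins are the registered client
// origins; sessionCookie stands in for the server-side session marker.
function createStatusHandler(allowedOrigins, sessionCookie) {
  const allowed = new Set(allowedOrigins.map((o) => new URL(o).origin));
  return function handleMessage(event) {
    // 1. Only answer senders whose exact origin is registered. Anything
    //    else is dropped silently before any work is done.
    if (!allowed.has(event.origin)) return null;
    // 2. Require the expected shape: a short string of two tokens.
    if (typeof event.data !== 'string' || event.data.length > 512) return null;
    const parts = event.data.split(' ');
    if (parts.length !== 2) return null;
    const [clientId, sessionState] = parts;
    if (!/^[A-Za-z0-9._-]{1,64}$/.test(clientId)) return null;
    // 3. Reply only to the validated origin, never to '*'.
    const reply = sessionState === sessionCookie ? 'unchanged' : 'changed';
    event.source.postMessage(reply, event.origin);
    return reply;
  };
}

// Constructed message events, shaped like the subset of MessageEvent the
// handlers read, with a recording postMessage in place of a real window.
function demo() {
  const sent = [];
  const source = { postMessage: (msg, target) => sent.push([msg, target]) };
  const handler = createStatusHandler(['https://app.example.com'], 'sess-abc');
  const fromForeign = handler({ origin: 'https://evil.example.net', data: 'app sess-abc', source });
  const fromClient = handler({ origin: 'https://app.example.com', data: 'app sess-abc', source });
  return { fromForeign, fromClient, sent };
}
```

In a real page the factory's return value is what gets passed to `window.addEventListener('message', ...)`; the null returns are there so the decision is observable in a test, the browser handler itself simply returns.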
5) Resource exhaustion (CVE-ID: CVE-2024-1635)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when handling rapidly opened and closed HTTP connections. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
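The control that is missing in item 5 is a bound on how much work one client can cause through connection churn. As an added example (not code from Red Hat Single Sign-On or any proxy in front of it), the sliding-window guard below counts connection attempts per client key and sheds the excess; it also prunes idle entries so the guard cannot itself become the exhausted resource. The threshold, window and the client address are assumptions, and the clock is injected so the burst simulation is deterministic.

```javascript
// Added example (not Red Hat SSO code): per-client sliding-window guard for
// rapidly opened and closed connections. Limits and keys are assumptions.

class ConnectionGuard {
  constructor({ maxPerWindow = 100, windowMs = 1000, now = Date.now } = {}) {
    this.maxPerWindow = maxPerWindow;
    this.windowMs = windowMs;
    this.now = now;
    this.buckets = new Map(); // clientKey -> ascending accept timestamps
  }

  // Decide whether a new connection from clientKey is accepted (true) or
  // shed (false). Shedding is O(1) apart from trimming expired timestamps,
  // so a rejected connection costs the server almost nothing.
  accept(clientKey) {
    const t = this.now();
    const cutoff = t - this.windowMs;
    let times = this.buckets.get(clientKey);
    if (!times) {
      times = [];
      this.buckets.set(clientKey, times);
    }
    while (times.length && times[0] <= cutoff) times.shift();
    if (times.length >= this.maxPerWindow) return false;
    times.push(t);
    return true;
  }

  // Periodic cleanup: drop clients with no recent activity so the table
  // stays bounded by active clients, not by everyone ever seen.
  prune() {
    const cutoff = this.now() - this.windowMs;
    for (const [key, times] of this.buckets) {
      while (times.length && times[0] <= cutoff) times.shift();
      if (times.length === 0) this.buckets.delete(key);
    }
    return this.buckets.size;
  }
}

// Simulate one address opening and closing a connection every intervalMs,
// using a fake clock. Returns how many attempts got through and how many
// were shed. 198.51.100.7 is a documentation address, not a real client.
function simulateBurst(attempts, { maxPerWindow = 100, windowMs = 1000, intervalMs = 1 } = {}) {
  let clock = 0;
  const guard = new ConnectionGuard({ maxPerWindow, windowMs, now: () => clock });
  let accepted = 0;
  let shed = 0;
  for (let i = 0; i < attempts; i++) {
    if (guard.accept('198.51.100.7')) accepted++;
    else shed++;
    clock += intervalMs;
  }
  return { accepted, shed };
}

console.log(simulateBurst(5000));
```

With the defaults, 5000 attempts one millisecond apart yield 500 accepted and 4500 shed: the client is held to 100 connections per second regardless of how fast it churns, while a client that stays under the limit is never touched.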
Remediation
Install the update from the vendor's website.