Multiple vulnerabilities in Red Hat Single Sign-On 7.6 on RHEL 7
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2023-6544 CVE-2023-6484 CVE-2024-1132 CVE-2024-1249 CVE-2024-1635 |
| CWE-ID | CWE-285 CWE-117 CWE-22 CWE-264 CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
rh-sso7-keycloak (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Improper authorization
EUVDB-ID: #VU88793
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-6544
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to a permissive regular expression hard-coded for filtering allowed hosts to register a dynamic client within the org.keycloak.services.clientregistration package. A remote attacker with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with TrustedDomain configuration previously unauthorized.
MitigationInstall updates from vendor's website.
rh-sso7-keycloak (Red Hat package): before 18.0.13-1.redhat_00001.1.el7sso
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:1860
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Output Neutralization for Logs
EUVDB-ID: #VU86549
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-6484
CWE-ID:
CWE-117 - Improper Output Neutralization for Logs
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to manipulate data in log files.
The vulnerability exists due to improper input validation during WebAuthn authentication or registration. A remote attacker can manipulate data in log files when using the WebAuthn authentication mode.
Install updates from vendor's website.
rh-sso7-keycloak (Red Hat package): before 18.0.13-1.redhat_00001.1.el7sso
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:1860
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Path traversal
EUVDB-ID: #VU88798
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1132
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to improper validation of URLs included in a redirect in org.keycloak.protocol.oidc. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Note, the vulnerability affects any client that utilizes a wildcard in the Valid Redirect URIs field.
MitigationInstall updates from vendor's website.
rh-sso7-keycloak (Red Hat package): before 18.0.13-1.redhat_00001.1.el7sso
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:1860
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU88799
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1249
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to "checkLoginIframe" allows unvalidated cross-origin messages. A remote attacker can send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
MitigationInstall updates from vendor's website.
rh-sso7-keycloak (Red Hat package): before 18.0.13-1.redhat_00001.1.el7sso
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:1860
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource exhaustion
EUVDB-ID: #VU88154
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1635
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling rapidly open and closed HTTP connections. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
rh-sso7-keycloak (Red Hat package): before 18.0.13-1.redhat_00001.1.el7sso
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:1860
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
