Multiple vulnerabilities in Red Hat build of Keycloak 24.0



Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2024-7341, CVE-2024-7318, CVE-2024-7260
CWE-ID: CWE-384, CWE-287, CWE-601
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Red Hat build of Keycloak (Server applications / Other server solutions)

Vendor: Red Hat Inc.

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Session Fixation

EUVDB-ID: #VU97432

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-7341

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a session fixation issue (CWE-384) in the SAML adapters: the session identifier established before authentication remains valid after the user logs in. A remote user who fixes or hijacks the victim's session before authentication therefore holds an authenticated session once the victim completes the login.
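The defensive pattern behind this weakness class is to invalidate the pre-authentication session and issue a fresh identifier at login. The following added example (constructed for this bulletin, not Keycloak or Red Hat code) is a minimal in-memory session store with both behaviours side by side: `login_fixed` keeps the pre-auth identifier, `login_rotating` replaces it. `demo_fixation` simulates a SAML-style flow in which a session identifier is known to a third party before the victim authenticates and reports whether that copy identifies the victim afterwards. All names and the flow are assumptions made for illustration.

```python
import secrets
import time


class SessionStore:
    """Minimal server-side session store (constructed example).

    Demonstrates the CWE-384 defence: a session created before authentication
    must not survive login unchanged. `login_fixed` keeps the pre-auth ID
    (vulnerable); `login_rotating` issues a new one (fixed).
    """

    def __init__(self):
        self._sessions = {}  # session_id -> {"user": str | None, "created": float}

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "created": time.time()}
        return sid

    def user_of(self, sid):
        entry = self._sessions.get(sid)
        return entry["user"] if entry else None

    def login_fixed(self, sid, user):
        # Vulnerable pattern: the pre-authentication session ID is reused, so
        # anyone who knew `sid` before login now holds an authenticated session.
        if sid not in self._sessions:
            raise KeyError("unknown session")
        self._sessions[sid]["user"] = user
        return sid

    def login_rotating(self, sid, user):
        # Fixed pattern: drop the pre-auth session and mint a fresh ID, so an
        # identifier captured or planted before authentication is worthless.
        if sid not in self._sessions:
            raise KeyError("unknown session")
        self._sessions.pop(sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user, "created": time.time()}
        return new_sid


def demo_fixation(rotate):
    """Simulate the flow: a third party learns the victim's pre-auth session ID,
    the victim authenticates, and we check whether that copy now identifies the
    victim. Returns True when the copied ID yields the victim's session."""
    store = SessionStore()
    pre_auth_sid = store.new_session()   # cookie issued before the SAML exchange
    copied_sid = pre_auth_sid            # ID fixed or hijacked before authentication
    if rotate:
        store.login_rotating(pre_auth_sid, "alice")
    else:
        store.login_fixed(pre_auth_sid, "alice")
    return store.user_of(copied_sid) == "alice"


if __name__ == "__main__":
    print("no rotation, copied ID is authenticated:", demo_fixation(rotate=False))
    print("rotation, copied ID is authenticated:", demo_fixation(rotate=True))
```

When reviewing an adapter or filter, the check to make is that the session identifier returned to the browser after a successful assertion differs from the one it presented before authentication.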

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat build of Keycloak: before 24.0.7

External links

http://access.redhat.com/errata/RHSA-2024:6503


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authentication

EUVDB-ID: #VU97628

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-7318

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because a generated OTP token remains valid longer than its expiration time when FreeOTP is used. This widens the window in which a captured or guessed token can be abused to compromise accounts.

Note: the expiration time is 30 seconds, while the token remains valid for 1 minute in total.
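The bulletin does not say why the token outlives its 30-second step, so the mechanism below is an assumption: one common reason is a verification look-back window, where the server also accepts the code of the previous time step. The following added example (constructed here, not Keycloak, FreeOTP or Red Hat code) implements RFC 4226 HOTP and RFC 6238 TOTP with HMAC-SHA1, a verifier whose `look_back` parameter controls the tolerance, and a replay guard. `accepted_lifetime_seconds` advances a clock one second at a time to measure how long a single code stays accepted, reproducing the 30 s versus 60 s figures from the note. The key is the RFC test-vector key, used only so the output can be checked against the published vectors.

```python
import hashlib
import hmac
import struct

# RFC 4226 / RFC 6238 test-vector key (constructed input for the demo, not a real secret).
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the time-step counter floor(t / step)."""
    return hotp(secret, t // step, digits)


def verify_totp(secret, code, t, step=30, look_back=1, digits=6, used_counters=None):
    """Accept `code` if it matches the current step or any of `look_back`
    previous steps. Each extra step of tolerance adds `step` seconds to the
    window in which a captured code is still usable. `used_counters` (a set),
    when given, records counters that already authenticated and rejects a
    second use of the same code (replay guard)."""
    current = t // step
    for delta in range(look_back + 1):
        counter = current - delta
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            if used_counters is not None:
                if counter in used_counters:
                    return False
                used_counters.add(counter)
            return True
    return False


def accepted_lifetime_seconds(secret, step, look_back, t0=999_990):
    """Measure how many seconds one code stays accepted by stepping the clock
    forward from the step boundary t0 (999_990 = 33333 * 30, constructed)."""
    code = totp(secret, t0, step)
    seconds = 0
    while seconds < 10 * step and verify_totp(secret, code, t0 + seconds, step, look_back):
        seconds += 1
    return seconds


if __name__ == "__main__":
    print("RFC 6238 vector at T=59:", totp(SECRET, 59, digits=8))
    print("lifetime, no look-back (s):", accepted_lifetime_seconds(SECRET, 30, 0))
    print("lifetime, one-step look-back (s):", accepted_lifetime_seconds(SECRET, 30, 1))
    used = set()
    code = totp(SECRET, 999_990)
    print("first use accepted:", verify_totp(SECRET, code, 999_995, used_counters=used))
    print("replay accepted:", verify_totp(SECRET, code, 999_996, used_counters=used))
```

The two levers a defender controls are the tolerance (`look_back`, which should be as small as clock drift permits) and the replay guard, which makes even a code inside the window single-use.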

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat build of Keycloak: before 24.0.7

External links

http://access.redhat.com/errata/RHSA-2024:6503


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Open redirect

EUVDB-ID: #VU97629

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-7260

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to an arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data on the Account page. A remote attacker can craft a link that appears to lead to the trusted website but, when clicked, redirects the victim to an arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
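The general fix for CWE-601 is to validate a redirect target against an allow-list of origins before using it. The following added example (constructed here, not Keycloak or Red Hat code) is such a validator in Python: it accepts a single-slash relative path or an absolute URL on one trusted origin and rejects the usual bypass shapes (protocol-relative `//host`, backslash variants, `user@host` userinfo, look-alike hostnames, non-HTTP schemes, foreign ports). The origin `account.example.com` and the `base` URL are assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed allow-list: the single origin the account console is served from.
TRUSTED_ORIGIN = ("https", "account.example.com", 443)


def is_safe_redirect(target: str, base: str = "https://account.example.com/") -> bool:
    """Return True only when `target` is a same-site relative path or an
    absolute URL on TRUSTED_ORIGIN. Everything else is rejected."""
    if not isinstance(target, str):
        return False
    target = target.strip()
    if not target or any(c in target for c in "\r\n\t\x00"):
        return False
    # Browsers treat backslashes like forward slashes; normalise before parsing
    # so "/\evil.example" cannot masquerade as a relative path.
    target = target.replace("\\", "/")
    parts = urlsplit(target)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    if not parts.netloc:
        # No authority component: accept only a plain relative path that starts
        # with exactly one slash and carries no scheme.
        return target.startswith("/") and not target.startswith("//") and not parts.scheme
    resolved = urlsplit(urljoin(base, target))
    try:
        port = resolved.port or (443 if resolved.scheme == "https" else 80)
    except ValueError:  # malformed port component
        return False
    # hostname is already lower-cased and stripped of userinfo by urlsplit
    return (resolved.scheme, resolved.hostname, port) == TRUSTED_ORIGIN


def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Use `target` when it passes the check, otherwise send the user to a known page."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    samples = [
        "/realms/demo/account/",
        "https://account.example.com/realms/demo/account/",
        "//evil.example/",
        "/\\evil.example",
        "https://account.example.com@evil.example/",
        "https://account.example.com.evil.example/",
        "https://account.example.com:8443/",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:55} -> {resolve_redirect(s)!r}")
```

Keeping the comparison on the parsed `(scheme, hostname, port)` tuple, rather than on string prefixes, is what defeats the userinfo and look-alike-host variants; a prefix check such as `startswith("https://account.example.com")` passes both.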

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat build of Keycloak: before 24.0.7

External links

http://access.redhat.com/errata/RHSA-2024:6503


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
