Products
Keycloak
Source
secalert@redhat.com
Tags
CVE-2024-8698 details
Published : Sept. 19, 2024, 4:15 p.m.
Last Modified : Sept. 19, 2024, 8:15 p.m.
Last Modified : Sept. 19, 2024, 8:15 p.m.
Description
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-347 | Improper Verification of Cryptographic Signature | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
Base Score
7.7
Exploitability Score
1.8
Impact Score
5.3
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
References
| URL | Source |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:6878 | secalert@redhat.com |
| https://access.redhat.com/errata/RHSA-2024:6879 | secalert@redhat.com |
| https://access.redhat.com/errata/RHSA-2024:6880 | secalert@redhat.com |
| https://access.redhat.com/errata/RHSA-2024:6882 | secalert@redhat.com |
| https://access.redhat.com/errata/RHSA-2024:6886 | secalert@redhat.com |
| https://access.redhat.com/errata/RHSA-2024:6887 | secalert@redhat.com |
| https://access.redhat.com/errata/RHSA-2024:6888 | secalert@redhat.com |
| https://access.redhat.com/errata/RHSA-2024:6889 | secalert@redhat.com |
| https://access.redhat.com/errata/RHSA-2024:6890 | secalert@redhat.com |
| https://access.redhat.com/security/cve/CVE-2024-8698 | secalert@redhat.com |
| https://bugzilla.redhat.com/show_bug.cgi?id=2311641 | secalert@redhat.com |
| https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415 | secalert@redhat.com |
This website uses the NVD API, but is not approved or certified by it.