Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:3888
HistoryJun 27, 2023 - 6:46 p.m.

(RHSA-2023:3888) Important: Red Hat Single Sign-On 7.6.4 for OpenShift image security enhancement update

2023-06-2718:46:12
access.redhat.com
12
red hat single sign-on
openshift
security enhancement
image
authentication
server
cve-2022-4361
cve-2023-1108
cve-2023-2422
cve-2023-1664
cve-2023-2585
cloud computing
paas

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

59.2%

JSON

Red Hat Single Sign-On is an integrated sign-on solution, available as a
Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat
Single Sign-On for OpenShift image provides an authentication server that
you can use to log in centrally, log out, and register. You can also manage
user accounts for web applications, mobile applications, and RESTful web
services.

This erratum releases a new image for Red Hat Single Sign-On 7.6.4 for
use within the OpenShift Container Platform 3.10, OpenShift Container Platform
3.11, and within the OpenShift Container Platform 4.12 cloud computing Platform-as-a-Service (PaaS) for
on-premise or private cloud deployments, aligning with the standalone product release.

Security Fix(es):

  • keycloak: Cross-site scripting when validating URI-schemes on SAML and OIDC (CVE-2022-4361)

  • undertow: Infinite loop in SslConduit during close (CVE-2023-1108)

  • keycloak: oauth client impersonation (CVE-2023-2422)

  • keycloak: Untrusted Certificate Validation (CVE-2023-1664)

  • keycloak: client access via device auth request spoof (CVE-2023-2585)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 14
nessus 63
nvd 3
osv 22
redhatcve 4
veracode 4
prion 3
cve 4
cvelist 5
github 3
openvas 32
fedora 12
oraclelinux 2
ibm 2
ubuntucve 1
slackware 1
cloudlinux 2
cbl_mariner 3
rocky 4
cert 1
debiancve 1
cloudfoundry 2
almalinux 2
amazon 1
centos 1
thn 1
ubuntu 2
cgr 1
redos 1
aix 1
githubexploit 1
redhat
redhat
(RHSA-2023:3884) Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 8
2023-06-27 18:45:28
(RHSA-2023:3883) Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 7
2023-06-27 18:45:25
(RHSA-2023:3885) Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 9
2023-06-27 18:45:32
nessus
nessus
RHEL 8 : Red Hat Single Sign-On 7.6.4 security update on RHEL 8 (Important) (RHSA-2023:3884)
2023-06-27 00:00:00
RHEL 9 : Red Hat Single Sign-On 7.6.4 security update on RHEL 9 (Important) (RHSA-2023:3885)
2023-06-27 00:00:00
RHEL 7 : Red Hat Single Sign-On 7.6.4 security update on RHEL 7 (Important) (RHSA-2023:3883)
2023-06-27 00:00:00
nvd
nvd
CVE-2022-4361
2023-07-07 20:15:09
CVE-2023-2585
2023-12-21 10:15:34
CVE-2023-1664
2023-05-26 18:15:09
osv
osv
CVE-2022-4361
2023-07-07 20:15:09
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
2023-06-30 20:30:50
Client Spoofing within the Keycloak Device Authorisation Grant
2023-06-30 20:29:25
redhatcve
redhatcve
CVE-2022-4361
2023-06-27 14:47:12
CVE-2023-2585
2023-06-26 18:48:19
CVE-2023-1664
2023-03-27 21:34:59
veracode
veracode
Cross-Site Scripting (XSS)
2023-07-02 08:28:16
Improper Authorization
2023-07-01 10:58:45
Improper Certificate Validation
2023-06-07 07:41:36
prion
prion
Cross site scripting
2023-07-07 20:15:00
Authorization
2023-12-21 10:15:00
Default configuration
2023-05-26 18:15:00
cve
cve
CVE-2022-4361
2023-07-07 20:15:09
CVE-2023-2585
2023-12-21 10:15:34
CVE-2023-1664
2023-05-26 18:15:09
cvelist
cvelist
CVE-2022-4361
2023-07-07 19:57:44
CVE-2023-2585 Keycloak: client access via device auth request spoof
2023-12-21 09:24:16
CVE-2023-1664
2023-05-26 00:00:00
github
github
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
2023-06-30 20:30:50
Client Spoofing within the Keycloak Device Authorisation Grant
2023-06-30 20:29:25
Keycloak Untrusted Certificate Validation vulnerability
2023-06-30 20:30:30
openvas
openvas
CentOS: Security Advisory for python3 (CESA-2023:3556)
2023-07-30 00:00:00
Fedora: Security Advisory for python3.9 (FEDORA-2023-b854908745)
2023-06-09 00:00:00
Fedora: Security Advisory for mingw-python3 (FEDORA-2023-406c1c6ed7)
2023-03-31 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: pypy-7.3.11-2.fc37
2023-06-08 02:00:25
[SECURITY] Fedora 37 Update: python3.11-3.11.3-2.fc37
2023-05-27 01:26:58
[SECURITY] Fedora 37 Update: pypy3.9-7.3.11-2.3.9.fc37
2023-06-08 02:00:27
oraclelinux
oraclelinux
python3 security update
2023-06-12 00:00:00
python27:2.7 security update
2023-07-08 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation and result in a remote attacker bypassing security restrictions (CVE-2023-24329).
2023-11-22 20:55:44
Security Bulletin: AIX is affected by security restrictions bypass (CVE-2023-24329) due to Python
2023-08-24 03:46:53
ubuntucve
ubuntucve
CVE-2023-24329
2023-02-17 00:00:00
slackware
slackware
[slackware-security] python3
2023-06-09 01:28:03
cloudlinux
cloudlinux
python: Fix of CVE-2023-24329
2023-07-20 20:54:04
python: Fix of CVE-2023-24329
2023-03-06 21:09:04
cbl_mariner
cbl_mariner
CVE-2023-24329 affecting package python3 3.7.13-5
2023-03-16 03:40:27
CVE-2023-24329 affecting package python2 2.7.18-11
2023-03-16 03:40:27
CVE-2023-24329 affecting package python3 for versions less than 3.9.14-8
2023-10-13 16:12:18
rocky
rocky
python3.11 security update
2023-08-31 16:54:34
python27:2.7 security update
2023-06-24 18:52:51
python3.11 security update
2023-08-31 16:55:40
cert
cert
Python Parsing Error Enabling Bypass CVE-2023-24329
2023-08-11 00:00:00
debiancve
debiancve
CVE-2023-24329
2023-02-17 15:15:12
cloudfoundry
cloudfoundry
USN-5960-1: Python vulnerability | Cloud Foundry
2023-04-29 00:00:00
USN-6139-1: Python vulnerability | Cloud Foundry
2023-10-05 00:00:00
almalinux
almalinux
Important: python39:3.9 and python39-devel:3.9 security update
2023-06-27 00:00:00
Important: python3 security update
2023-06-14 00:00:00
amazon
amazon
Medium: python3
2023-03-17 16:34:00
centos
centos
python, tkinter security update
2023-07-27 14:34:23
thn
thn
New Python URL Parsing Flaw Could Enable Command Execution Attacks
2023-08-12 06:03:00
ubuntu
ubuntu
Python vulnerability
2023-06-05 00:00:00
Python vulnerability
2023-03-16 00:00:00
cgr
cgr
CVE-2023-24329 vulnerabilities
2024-05-19 03:07:16
redos
redos
ROS-20240815-14
2024-08-15 00:00:00
aix
aix
AIX is affected by security restrictions bypass due to Python
2023-08-18 09:49:04
githubexploit
githubexploit
Exploit for Improper Input Validation in Python
2023-08-17 10:33:52

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

59.2%

JSON
Related for RHSA-2023:3888
redhat14nessus63nvd3osv22redhatcve4veracode4prion3cve4cvelist5github3openvas32fedora12oraclelinux2ibm2ubuntucve1slackware1cloudlinux2cbl_mariner3rocky4cert1debiancve1cloudfoundry2almalinux2amazon1centos1thn1ubuntu2cgr1redos1aix1githubexploit1