Lucene search

RedHatRHSA-2024:0100

HistoryJan 09, 2024 - 4:40 p.m.

(RHSA-2024:0100) Moderate: Red Hat build of Keycloak 22.0.8 images enhancement and security update

2024-01-0916:40:12

access.redhat.com

red hat

keycloak

22.0.8

security update

openshift

containerized image

authentication

single sign-on

enhancement

cve-2023-6927

cloud computing

paas

cvss score

7.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.7%

JSON

Red Hat build of Keycloak 22.0.8 is an integrated solution, available as a Red Hat JBoss Middleware for OpenShift containerized image, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This erratum releases a security update and enhancement images for Red Hat build of Keycloak 22.0.8 for use within the OpenShift Container Platform 4.12, 4.13 and 4.14 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.

Security Fix(es):

open redirect via “form_post.jwt” JARM response mode (CVE-2023-6927)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.