Red Hat advisory RHSA-2024:0100 (history: Jan 09, 2024 - 4:40 p.m.)

(RHSA-2024:0100) Moderate: Red Hat build of Keycloak 22.0.8 images enhancement and security update

Published: 2024-01-09 16:40:12
Source: access.redhat.com
Tags: red hat, keycloak, 22.0.8, security update, openshift, containerized image, authentication, single sign-on, enhancement, cve-2023-6927, cloud computing, paas, cvss score

CVSS3: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
AI Score: 7.6 (Confidence: Low)
EPSS: 0.001 (Percentile: 47.1%)

Red Hat build of Keycloak 22.0.8 is an integrated solution, available as a Red Hat JBoss Middleware for OpenShift containerized image, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This erratum releases a security update and enhancement images for Red Hat build of Keycloak 22.0.8 for use within the OpenShift Container Platform 4.12, 4.13 and 4.14 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.

Security Fix(es):

  • open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
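The erratum names the affected code path (the JARM "form_post.jwt" response mode of the authorization endpoint) and the fixed release (22.0.8) but gives no operational check. The script below is an added example, not part of the Red Hat erratum or of Keycloak itself. It does two things an operator would want after reading the advisory: it compares a deployed Keycloak version string against 22.0.8 to decide whether the fix is present, and it scans HTTP access-log lines for GET requests to the standard Keycloak authorization endpoint (`/realms/<realm>/protocol/openid-connect/auth`) that ask for `response_mode=form_post.jwt`, so that pre-upgrade use of that response mode can be reviewed. The log format and the sample lines are constructed for this example; a hit only means the vulnerable response mode was requested, not that the open redirect was exploited.

```python
"""Added example for RHSA-2024:0100 / CVE-2023-6927 (not Red Hat's or Keycloak's code).

1. is_fixed(version): True when the given Keycloak version is >= 22.0.8,
   the release this erratum ships.
2. find_jarm_form_post_requests(lines): return authorization requests that
   use the JARM "form_post.jwt" response mode, the code path the advisory
   names, so they can be reviewed on instances that are not yet updated.

Assumptions: log lines follow a common-log-style format with the request
line in double quotes (constructed here); only GET query strings are
inspected, so POSTed authorization parameters are not seen.
"""
import re
from urllib.parse import parse_qs, urlsplit

FIXED_VERSION = (22, 0, 8)  # Red Hat build of Keycloak release carrying the fix

# "a.b.c" anywhere in the string, e.g. "22.0.7" or an image tag ending in "22.0.8"
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")
# request line inside an access-log entry, e.g. "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Keycloak OpenID Connect authorization endpoint (realm name varies)
AUTH_PATH_RE = re.compile(r"^/realms/[^/]+/protocol/openid-connect/auth$")


def parse_version(text: str):
    """Return the first dotted three-part version in text as an int tuple, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def is_fixed(version_text: str) -> bool:
    """True if the version string names a release at or above 22.0.8."""
    version = parse_version(version_text)
    return version is not None and version >= FIXED_VERSION


def find_jarm_form_post_requests(lines):
    """Return one dict per GET authorization request with response_mode=form_post.jwt."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue
        parts = urlsplit(m.group("target"))
        if not AUTH_PATH_RE.match(parts.path):
            continue
        query = parse_qs(parts.query)
        if query.get("response_mode") != ["form_post.jwt"]:
            continue
        hits.append({
            "client_id": query.get("client_id", [""])[0],
            "redirect_uri": query.get("redirect_uri", [""])[0],
            "line": line,
        })
    return hits


# Constructed sample log lines (not real traffic): one query-mode request,
# one form_post.jwt request, one unrelated token-endpoint request.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Jan/2024:16:41:02 +0000] "GET /realms/demo/protocol/openid-connect/auth'
    '?client_id=web&response_type=code&response_mode=query'
    '&redirect_uri=https%3A%2F%2Fapp.example%2Fcb HTTP/1.1" 302',
    '10.0.0.9 - - [09/Jan/2024:16:41:07 +0000] "GET /realms/demo/protocol/openid-connect/auth'
    '?client_id=web&response_type=code&response_mode=form_post.jwt'
    '&redirect_uri=https%3A%2F%2Fapp.example%2Fcb HTTP/1.1" 200',
    '10.0.0.9 - - [09/Jan/2024:16:41:09 +0000] "POST /realms/demo/protocol/openid-connect/token HTTP/1.1" 200',
]

if __name__ == "__main__":
    for v in ("22.0.7", "22.0.8"):
        print(f"{v}: {'fixed' if is_fixed(v) else 'NOT fixed, apply RHSA-2024:0100'}")
    for hit in find_jarm_form_post_requests(SAMPLE_LOG):
        print(f"form_post.jwt request: client_id={hit['client_id']} redirect_uri={hit['redirect_uri']}")
```

Feed `find_jarm_form_post_requests` the access log of an ingress or router in front of the Keycloak pods; on an instance still below 22.0.8, each hit is a client and redirect target worth checking against the client's registered redirect URIs.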
