(RHSA-2024:1862) Important: Red Hat Single Sign-On 7.6.8 security update on RHEL 9

2024-04-16 19:48:44
access.redhat.com

AI Score: 8.1 High (Confidence: High)

EPSS: 0.0005 Low (Percentile: 16.9%)

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.8 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.7, and includes bug fixes, security updates and enhancements which are linked to in the References.

Security Fix(es):

  • Authorization Bypass (CVE-2023-6544)
  • Log Injection during WebAuthn authentication or registration (CVE-2023-6484)
  • Path traversal in redirection validation (CVE-2024-1132)
  • Unvalidated cross-origin messages in checkLoginIframe lead to DDoS (CVE-2024-1249)
  • undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol (CVE-2024-1635)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.
