Lucene search
RedHatRHSA-2024:1862HistoryApr 16, 2024 - 7:48 p.m.
(RHSA-2024:1862) Important: Red Hat Single Sign-On 7.6.8 security update on RHEL 9
2024-04-1619:48:44
access.redhat.com
11
red hat single sign-on
rhel 9
security update
bug fixes
webauthn
authentication
authorization bypass
log injection
redirection validation
ddos
cvss score
references section
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.8 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.7, and includes bug fixes, security updates and
enhancements which are linked to in the References.
Security Fix(es):
- Authorization Bypass (CVE-2023-6544)
- Log Injection during WebAuthn authentication or registration (CVE-2023-6484)
- path transversal in redirection validation (CVE-2024-1132)
- unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)
- undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | noarch | rh-sso7-keycloak-server | < 18.0.13-1.redhat_00001.1.el9sso | rh-sso7-keycloak-server-18.0.13-1.redhat_00001.1.el9sso.noarch.rpm |
| RedHat | 9 | noarch | rh-sso7-keycloak | < 18.0.13-1.redhat_00001.1.el9sso | rh-sso7-keycloak-18.0.13-1.redhat_00001.1.el9sso.noarch.rpm |
Related
redhat
redhat
nessus
nessus
nvd
nvd
cve
cve
ubuntucve
ubuntucve
CVE-2024-1635
2024-02-19 00:00:00
prion
prion
Design/Logic Flaw
2024-02-19 22:15:00
redhatcve
redhatcve
cvelist
cvelist
CVE-2024-1635 Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol
2024-02-19 21:23:14
CVE-2024-1249 Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos
2024-04-17 13:22:48
CVE-2024-1132 Keycloak: path transversal in redirection validation
2024-04-17 13:21:19
veracode
veracode
Open Redirect
2024-04-18 04:12:09
Cross-Site Request Forgery (CSRF)
2024-04-18 04:19:15
Authorization Bypass
2024-04-18 10:19:01
wolfi
wolfi
CVE-2024-1132 vulnerabilities
2024-06-09 09:07:54
CVE-2024-1249 vulnerabilities
2024-06-09 09:07:54
CVE-2023-6544 vulnerabilities
2024-06-09 09:07:54
osv
osv
Keycloak path transversal vulnerability in redirection validation
2024-04-17 18:25:08
Keycloak Authorization Bypass vulnerability
2024-04-17 17:33:29
debiancve
debiancve
CVE-2024-1635
2024-02-19 22:15:48
github
github
Keycloak path transversal vulnerability in redirection validation
2024-04-17 18:25:08
Keycloak Authorization Bypass vulnerability
2024-04-17 17:33:29
cgr
cgr
CVE-2024-1249 vulnerabilities
2024-05-19 03:07:16
CVE-2024-1132 vulnerabilities
2024-05-19 03:07:16
CVE-2023-6544 vulnerabilities
2024-05-19 03:07:16
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00