Lucene search
RedHatRHSA-2024:3566HistoryJun 03, 2024 - 7:44 p.m.
(RHSA-2024:3566) Low: Red Hat Single Sign-On 7.6.9 security update on RHEL 7
2024-06-0319:44:17
access.redhat.com
3
red hat single sign-on
rhel 7
security update
bug fixes
keycloak project
authentication
single sign-on
pushed authorization requests
cve-2024-4540
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.9 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
- exposure of sensitive information in Pushed Authorization Requests (PAR)
KC_RESTART cookie (CVE-2024-4540)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | noarch | rh-sso7-keycloak | < 18.0.14-1.redhat_00001.1.el7sso | rh-sso7-keycloak-18.0.14-1.redhat_00001.1.el7sso.noarch.rpm |
| RedHat | 7 | noarch | rh-sso7-keycloak-server | < 18.0.14-1.redhat_00001.1.el7sso | rh-sso7-keycloak-server-18.0.14-1.redhat_00001.1.el7sso.noarch.rpm |
Related
nvd
nvd
CVE-2024-4540
2024-06-03 16:15:08
nessus
nessus
cve
cve
CVE-2024-4540
2024-06-03 16:15:08
redhat
redhat
(RHSA-2024:3567) Low: Red Hat Single Sign-On 7.6.9 security update on RHEL 8
2024-06-03 19:44:20
(RHSA-2024:3568) Low: Red Hat Single Sign-On 7.6.9 security update on RHEL 9
2024-06-03 19:44:23
(RHSA-2024:3572) Low: Red Hat Single Sign-On 7.6.9 security update
2024-06-03 19:59:30
cvelist
cvelist
veracode
veracode
Sensitive Information Disclosure
2024-06-06 06:38:41
vulnrichment
vulnrichment
redhatcve
redhatcve
CVE-2024-4540
2024-06-03 15:33:10