Lucene search
RedHatRHSA-2024:3567HistoryJun 03, 2024 - 7:44 p.m.
(RHSA-2024:3567) Low: Red Hat Single Sign-On 7.6.9 security update on RHEL 8
2024-06-0319:44:20
access.redhat.com
4
red hat single sign-on
security update
rhel 8
sensitive information exposure
cve-2024-4540
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.9 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
- exposure of sensitive information in Pushed Authorization Requests (PAR)
KC_RESTART cookie (CVE-2024-4540)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | noarch | rh-sso7-keycloak | < 18.0.14-1.redhat_00001.1.el8sso | rh-sso7-keycloak-18.0.14-1.redhat_00001.1.el8sso.noarch.rpm |
| RedHat | 8 | noarch | rh-sso7-keycloak-server | < 18.0.14-1.redhat_00001.1.el8sso | rh-sso7-keycloak-server-18.0.14-1.redhat_00001.1.el8sso.noarch.rpm |
Related
nvd
nvd
CVE-2024-4540
2024-06-03 16:15:08
nessus
nessus
cve
cve
CVE-2024-4540
2024-06-03 16:15:08
redhat
redhat
veracode
veracode
Sensitive Information Disclosure
2024-06-06 06:38:41
cvelist
cvelist
vulnrichment
vulnrichment
redhatcve
redhatcve
CVE-2024-4540
2024-06-03 15:33:10