Lucene search
RedHatRHSA-2024:3568HistoryJun 03, 2024 - 7:44 p.m.
(RHSA-2024:3568) Low: Red Hat Single Sign-On 7.6.9 security update on RHEL 9
2024-06-0319:44:23
access.redhat.com
2
red hat single sign-on
keycloak project
authentication
single sign-on
security update
rhel 9
bug fixes
enhancements
cve-2024-4540
cvss score
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.9 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
- exposure of sensitive information in Pushed Authorization Requests (PAR)
KC_RESTART cookie (CVE-2024-4540)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | noarch | rh-sso7-keycloak | < 18.0.14-1.redhat_00001.1.el9sso | rh-sso7-keycloak-18.0.14-1.redhat_00001.1.el9sso.noarch.rpm |
| RedHat | 9 | noarch | rh-sso7-keycloak-server | < 18.0.14-1.redhat_00001.1.el9sso | rh-sso7-keycloak-server-18.0.14-1.redhat_00001.1.el9sso.noarch.rpm |
Related
nvd
nvd
CVE-2024-4540
2024-06-03 16:15:08
nessus
nessus
cve
cve
CVE-2024-4540
2024-06-03 16:15:08
redhat
redhat
veracode
veracode
Sensitive Information Disclosure
2024-06-06 06:38:41
cvelist
cvelist
redhatcve
redhatcve
CVE-2024-4540
2024-06-03 15:33:10
vulnrichment
vulnrichment