Lucene search

K
redhatRedHatRHSA-2024:3570
HistoryJun 03, 2024 - 7:45 p.m.

(RHSA-2024:3570) Low: Red Hat Single Sign-On 7.6.9 for OpenShift image enhancement update

2024-06-0319:45:22
access.redhat.com
6
red hat single sign-on
openshift
authentication server
image enhancement
security fix
paas
containerized image
cve-2024-4540

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

AI Score

8.2

Confidence

High

EPSS

0.05

Percentile

92.9%

Red Hat Single Sign-On is an integrated sign-on solution, available as a
Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat
Single Sign-On for OpenShift image provides an authentication server that
you can use to log in centrally, log out, and register. You can also manage
user accounts for web applications, mobile applications, and RESTful web
services.

This erratum releases a new image for Red Hat Single Sign-On 7.6.9 for
use within the OpenShift Container Platform 3.10, OpenShift Container Platform
3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for
on-premise or private cloud deployments, aligning with the standalone product release.

Security Fix(es):

  • exposure of sensitive information in Pushed Authorization Requests (PAR)
    KC_RESTART cookie (CVE-2024-4540)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

AI Score

8.2

Confidence

High

EPSS

0.05

Percentile

92.9%