Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:6503
HistorySep 09, 2024 - 3:45 p.m.

(RHSA-2024:6503) Moderate: Red Hat build of Keycloak 24.0.7 Update

2024-09-0915:45:07
access.redhat.com
red hat
keycloak
update
authentication
single sign-on
security
session fixation
one time passcode
otp
open redirect

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

JSON

Red Hat build of Keycloak 24.0.7 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

Security fixes:

  • session fixation in elytron saml adapters (CVE-2024-7341)
  • One Time Passcode (OTP) is valid longer than expiration timeSeverity (CVE-2024-7318)
  • Open Redirect on Account page (CVE-2024-7260)

Related

redhat 8
cve 3
redhatcve 3
github 3
cvelist 3
vulnrichment 3
osv 4
nvd 3
nessus 3
redhat
redhat
(RHSA-2024:6502) Moderate: Red Hat build of Keycloak 24.0.7 Images Update
2024-09-09 15:45:04
(RHSA-2024:6495) Moderate: Red Hat Single Sign-On 7.6.10 security update on RHEL 9
2024-09-09 15:27:35
(RHSA-2024:6500) Moderate: Red Hat build of Keycloak 22.0.12 Images Update
2024-09-09 15:41:41
cve
cve
CVE-2024-7318
2024-09-09 19:15:14
CVE-2024-7341
2024-09-09 19:15:14
CVE-2024-7260
2024-09-09 19:15:14
redhatcve
redhatcve
CVE-2024-7341
2024-09-09 14:12:08
CVE-2024-7318
2024-09-09 14:12:04
CVE-2024-7260
2024-09-09 14:11:54
github
github
Keycloak Uses a Key Past its Expiration Date
2024-09-09 21:31:22
Keycloak Session Fixation vulnerability
2024-09-09 21:31:22
Keycloak Open Redirect vulnerability
2024-09-09 21:31:22
cvelist
cvelist
CVE-2024-7318 Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity
2024-09-09 18:50:36
CVE-2024-7341 Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
2024-09-09 18:51:13
CVE-2024-7260 Keycloak-core: open redirect on account page
2024-09-09 18:49:59
vulnrichment
vulnrichment
CVE-2024-7318 Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity
2024-09-09 18:50:36
CVE-2024-7341 Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
2024-09-09 18:51:13
CVE-2024-7260 Keycloak-core: open redirect on account page
2024-09-09 18:49:59
osv
osv
CGA-9737-qqj4-9xjc
2024-09-10 15:05:06
Keycloak Session Fixation vulnerability
2024-09-09 21:31:22
Keycloak Uses a Key Past its Expiration Date
2024-09-09 21:31:22
nvd
nvd
CVE-2024-7318
2024-09-09 19:15:14
CVE-2024-7260
2024-09-09 19:15:14
CVE-2024-7341
2024-09-09 19:15:14
nessus
nessus
RHEL 9 : Red Hat Single Sign-On 7.6.10 security update on RHEL 9 (Moderate) (RHSA-2024:6495)
2024-09-09 00:00:00
RHEL 7 : Red Hat Single Sign-On 7.6.10 security update on RHEL 7 (Moderate) (RHSA-2024:6493)
2024-09-09 00:00:00
RHEL 8 : Red Hat Single Sign-On 7.6.10 security update on RHEL 8 (Moderate) (RHSA-2024:6494)
2024-09-09 00:00:00

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

JSON
Related for RHSA-2024:6503
redhat8cve3redhatcve3github3cvelist3vulnrichment3osv4nvd3nessus3