Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:6882
HistorySep 19, 2024 - 4:40 p.m.

(RHSA-2024:6882) Important: Red Hat Single Sign-On 7.6.11 for OpenShift image enhancement update

2024-09-1916:40:09
access.redhat.com
1
red hat single sign-on
openshift
image enhancement
security fixes
saml
redirect uri validation

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

AI Score

7.8

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON

Red Hat Single Sign-On is an integrated sign-on solution, available as a
Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat
Single Sign-On for OpenShift image provides an authentication server that
you can use to log in centrally, log out, and register. You can also manage
user accounts for web applications, mobile applications, and RESTful web
services.

Security Fix(es):

  • Improper Verification of SAML Responses Leading to Privilege Escalation in
    Keycloak (CVE-2024-8698)
  • Vulnerable Redirect URI Validation Results in Open Redirec (CVE-2024-8883)

This erratum releases a new image for Red Hat Single Sign-On 7.6.11 for
use within the OpenShift Container Platform 3.10, OpenShift Container Platform
3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for
on-premise or private cloud deployments, aligning with the standalone product release.

Related

nessus 3
redhat 8
vulnrichment 2
osv 2
github 2
cve 2
wolfi 1
cvelist 2
nvd 2
redhatcve 2
nessus
nessus
RHEL 9 : Red Hat Single Sign-On 7.6.11 security update on RHEL 9 (Important) (RHSA-2024:6880)
2024-09-19 00:00:00
RHEL 7 : Red Hat Single Sign-On 7.6.11 security update on RHEL 7 (Important) (RHSA-2024:6878)
2024-09-19 00:00:00
RHEL 8 : Red Hat Single Sign-On 7.6.11 security update on RHEL 8 (Important) (RHSA-2024:6879)
2024-09-19 00:00:00
redhat
redhat
(RHSA-2024:6879) Important: Red Hat Single Sign-On 7.6.11 security update on RHEL 8
2024-09-19 16:39:24
(RHSA-2024:6889) Important: Red Hat build of Keycloak 24.0.8 Images Update
2024-09-19 17:05:11
(RHSA-2024:6887) Important: Red Hat build of Keycloak 22.0.13 Images Update
2024-09-19 17:01:19
vulnrichment
vulnrichment
CVE-2024-8883 Keycloak: vulnerable redirect uri validation results in open redirec
2024-09-19 15:48:28
CVE-2024-8698 Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak
2024-09-19 15:48:18
osv
osv
Keycloak Open Redirect vulnerability
2024-09-19 18:30:52
Keycloak SAML signature validation flaw
2024-09-19 18:30:52
github
github
Keycloak Open Redirect vulnerability
2024-09-19 18:30:52
Keycloak SAML signature validation flaw
2024-09-19 18:30:52
cve
cve
CVE-2024-8883
2024-09-19 16:15:06
CVE-2024-8698
2024-09-19 16:15:06
wolfi
wolfi
CVE-2024-8883 vulnerabilities
2024-09-29 09:21:20
cvelist
cvelist
CVE-2024-8883 Keycloak: vulnerable redirect uri validation results in open redirec
2024-09-19 15:48:28
CVE-2024-8698 Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak
2024-09-19 15:48:18
nvd
nvd
CVE-2024-8883
2024-09-19 16:15:06
CVE-2024-8698
2024-09-19 16:15:06
redhatcve
redhatcve
CVE-2024-8883
2024-09-19 15:45:27
CVE-2024-8698
2024-09-19 15:45:17

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

AI Score

7.8

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON
Related for RHSA-2024:6882
nessus3redhat8vulnrichment2osv2github2cve2wolfi1cvelist2nvd2redhatcve2