Lucene search
K

10 matches found

vulnersOsv
vulnersOsv
added 2024/10/14 8:55 p.m.6 views

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +79 more potentially affected by CVE-2024-7341 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=22.0.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.3.2, =1.3.6 - io.github.jeff-tian:keycloak-phone-provider =2.3.10 and more Source cves: CVE-2024-7341 Source advisor...

7.1CVSS5.7AI score0.008EPSS
Exploits0
OSV
OSV
added 2024/09/09 7:15 p.m.19 views

CVE-2024-7341

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...

7.1CVSS7.1AI score0.008EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2024/09/09 6:51 p.m.22 views

CVE-2024-7341 Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...

7.1CVSS6.9AI score0.008EPSS
Exploits0References12
CVE
CVE
added 2024/09/09 6:51 p.m.351 views

CVE-2024-7341

CVE-2024-7341 describes a session fixation flaw in Keycloak’s SAML adapters (Elytron SAML) where the session ID and JSESSIONID cookie are not rotated on login, even with turnOffChangeSessionIdOnLogin enabled. This allows an attacker who hijacks the current session before authentication to trigger...

7.1CVSS6.9AI score0.008EPSS
Exploits0References12Affected Software1
RedHat Linux
RedHat Linux
added 2024/09/09 4:9 p.m.23 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.10 security update on RHEL 9

New Red Hat Single Sign-On 7.6.10 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.1CVSS6.1AI score0.008EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/09/09 4:2 p.m.22 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.10 security update on RHEL 8

New Red Hat Single Sign-On 7.6.10 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.1CVSS6.1AI score0.008EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/09/09 4:0 p.m.23 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.10 security update on RHEL 7

New Red Hat Single Sign-On 7.6.10 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.1CVSS6.1AI score0.008EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/09/09 2:12 p.m.39 views

CVE-2024-7341

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...

7.1CVSS6.7AI score0.008EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/09/09 12:0 a.m.22 views

RHEL 9 : Red Hat Single Sign-On 7.6.10 security update on RHEL 9 (Moderate) (RHSA-2024:6495)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6495 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

7.1CVSS5.7AI score0.008EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/09/09 12:0 a.m.24 views

RHEL 7 : Red Hat Single Sign-On 7.6.10 security update on RHEL 7 (Moderate) (RHSA-2024:6493)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6493 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

7.1CVSS5.7AI score0.008EPSS
Exploits0References9
Rows per page
Query Builder