13 matches found
CVE-2024-12369 Elytron-oidc-client: oidc authorization code injection
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...
CVE-2024-12369
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...
RHSA-2020:2814 Red Hat Security Advisory: RH-SSO 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 7
Bulletin has no description...
RHSA-2020:2816 Red Hat Security Advisory: RH-SSO 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 6
Bulletin has no description...
RHSA-2019:3049 Red Hat Security Advisory: RH-SSO 7.3.4 adapters for Enterprise Application Platform 7.2 security update
Bulletin has no description...
RHSA-2019:3048 Red Hat Security Advisory: RH-SSO 7.3.4 adapters for Enterprise Application Platform 6 security update
Bulletin has no description...
CVE-2024-0560 Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions
A vulnerability was found in 3Scale, when used with Keycloak 15 or RHSSO 7.5.0 and later. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO...
Important: Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images
Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image are now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base...
Important: Red Hat Security Advisory: RH-SSO 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 6
A security update is now available for Red Hat Single Sign-On 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
RHEL 7 : Satellite 6.7 . (Important) (RHSA-2020:1454)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1454 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring...
RHEL 6 / 7 : RH-SSO 7.3.4 adapters for Enterprise Application Platform 6 (RHSA-2019:3048)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3048 advisory. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...
keycloak, python2 security update
CentOS Errata and Security Advisory CESA-2019:2137. An update for keycloak-httpd-client-install is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
CentOS 7 : keycloak-httpd-client-install (CESA-2019:2137)
An update for keycloak-httpd-client-install is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...