10 matches found
CVE-2024-0560
A vulnerability was found in 3Scale, when used with Keycloak 15 or RHSSO 7.5.0 and superiors. When the authtype is use3scaleoidcissuerendpoint, the Token Introspection policy discovers the Token Introspection endpoint from the tokenintrospectionendpoint field, but the field was removed on RH-SSO...
Design/Logic Flaw
A vulnerability was found in 3Scale, when used with Keycloak 15 or RHSSO 7.5.0 and superiors. When the authtype is use3scaleoidcissuerendpoint, the Token Introspection policy discovers the Token Introspection endpoint from the tokenintrospectionendpoint field, but the field was removed on RH-SSO...
CVE-2024-0560
CVE-2024-0560 affects 3Scale when used with Keycloak 15 or RHSSO 7.5.0. The auth_type use_3scale_oidc_issuer_endpoint makes the Token Introspection policy read the token_introspection_endpoint field, which was removed in RH-SSO 7.5. As a result, tokens are not inspected and are treated as valid. ...
CVE-2024-0560 Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions
A vulnerability was found in 3Scale, when used with Keycloak 15 or RHSSO 7.5.0 and superiors. When the authtype is use3scaleoidcissuerendpoint, the Token Introspection policy discovers the Token Introspection endpoint from the tokenintrospectionendpoint field, but the field was removed on RH-SSO...
CVE-2024-0560 Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions
A vulnerability was found in 3Scale, when used with Keycloak 15 or RHSSO 7.5.0 and superiors. When the authtype is use3scaleoidcissuerendpoint, the Token Introspection policy discovers the Token Introspection endpoint from the tokenintrospectionendpoint field, but the field was removed on RH-SSO...
CVE-2024-0560
A vulnerability was found in 3Scale, when used with Keycloak 15 or RHSSO 7.5.0 and superiors. When the authtype is use3scaleoidcissuerendpoint, the Token Introspection policy discovers the Token Introspection endpoint from the tokenintrospectionendpoint field, but the field was removed on RH-SSO...
CVE-2022-4039 Rhsso-container-image: unsecured management interface exposed to adjecent network
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server...
CVE-2022-4039 Rhsso-container-image: unsecured management interface exposed to adjecent network
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server...
RHEL 8 : Red Hat Single Sign-On 7.6.4 security update on RHEL 8 (Important) (RHSA-2023:3884)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3884 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
RHEL 9 : Red Hat Single Sign-On 7.6.4 security update on RHEL 9 (Important) (RHSA-2023:3885)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3885 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...