RedhatVULNRICHMENT:CVE-2024-8698CVE-2024-8698 Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
40.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
References
access.redhat.com/errata/RHSA-2024:6878
access.redhat.com/errata/RHSA-2024:6879
access.redhat.com/errata/RHSA-2024:6880
access.redhat.com/errata/RHSA-2024:6882
access.redhat.com/errata/RHSA-2024:6886
access.redhat.com/errata/RHSA-2024:6887
access.redhat.com/errata/RHSA-2024:6888
access.redhat.com/errata/RHSA-2024:6889
access.redhat.com/errata/RHSA-2024:6890
access.redhat.com/security/cve/CVE-2024-8698
bugzilla.redhat.com/show_bug.cgi?id=2311641
github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
40.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial