Filtered by vendor Redhat
Subscriptions
Filtered by product Red Hat Single Sign On
Subscriptions
Total
203 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8698 | 1 Redhat | 4 Build Keycloak, Jboss Enterprise Application Platform, Red Hat Single Sign On and 1 more | 2024-11-05 | 7.7 High |
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks. | ||||
CVE-2024-10234 | 1 Redhat | 7 Build Keycloak, Build Of Keycloak, Jboss Data Grid and 4 more | 2024-10-30 | 6.1 Medium |
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server. | ||||
CVE-2024-7341 | 1 Redhat | 8 Build Keycloak, Build Of Keycloak, Enterprise Linux and 5 more | 2024-10-04 | 7.1 High |
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation. |