OpenCVE

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Build Keycloak Jboss Enterprise Application Platform Red Hat Single Sign On Rhosemc

No data.

Package	CPE	Advisory	Released Date
Red Hat Build of Keycloak
	cpe:/a:redhat:build_keycloak:22	RHSA-2024:6888	2024-09-19T00:00:00Z
org.keycloak/keycloak-saml-core	cpe:/a:redhat:build_keycloak:24	RHSA-2024:6890	2024-09-19T00:00:00Z
Red Hat build of Keycloak 22
rhbk/keycloak-operator-bundle:22.0.13-1	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:6887	2024-09-19T00:00:00Z
rhbk/keycloak-rhel9:22-18	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:6887	2024-09-19T00:00:00Z
rhbk/keycloak-rhel9-operator:22-21	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:6887	2024-09-19T00:00:00Z
Red Hat build of Keycloak 24
rhbk/keycloak-operator-bundle:24.0.8-1	cpe:/a:redhat:build_keycloak:24::el9	RHSA-2024:6889	2024-09-19T00:00:00Z
rhbk/keycloak-rhel9:24-17	cpe:/a:redhat:build_keycloak:24::el9	RHSA-2024:6889	2024-09-19T00:00:00Z
rhbk/keycloak-rhel9-operator:24-17	cpe:/a:redhat:build_keycloak:24::el9	RHSA-2024:6889	2024-09-19T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8
org.keycloak/keycloak-saml-core	cpe:/a:redhat:jboss_enterprise_application_platform:8.0	RHSA-2024:8826	2024-11-04T00:00:00Z
org.keycloak/keycloak-saml-core-public	cpe:/a:redhat:jboss_enterprise_application_platform:8.0	RHSA-2024:8826	2024-11-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
eap8-activemq-artemis-0:2.33.0-1.redhat_00015.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-activemq-artemis-native-1:2.0.0-2.redhat_00005.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-aesh-extensions-0:1.8.0-2.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-aesh-readline-0:2.2.0-2.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-apache-commons-codec-0:1.16.1-2.redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-apache-commons-collections-0:3.2.2-28.redhat_2.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-apache-commons-io-0:2.15.1-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-apache-commons-lang-0:3.14.0-2.redhat_00006.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-apache-cxf-0:4.0.5-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-artemis-native-1:2.0.0-2.redhat_00005.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-artemis-wildfly-integration-0:2.0.1-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-asyncutil-0:0.1.0-2.redhat_00010.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-aws-java-sdk-0:1.12.284-2.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-cryptacular-0:1.2.5-2.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-eap-product-conf-parent-0:800.4.0-1.GA_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-fastinfoset-0:2.1.0-4.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-hibernate-0:6.2.31-1.Final_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-hibernate-validator-0:8.0.1-3.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-hppc-0:0.8.1-2.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-insights-java-client-0:1.1.3-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-jakarta-servlet-jsp-jstl-api-0:3.0.1-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-jboss-logging-0:3.5.3-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-jctools-0:4.0.2-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-jgroups-0:5.3.10-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-log4j-0:2.22.1-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-narayana-0:6.0.3-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-nimbus-jose-jwt-0:9.37.3-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-objectweb-asm-0:9.6.0-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-pem-keystore-0:2.3.0-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-resteasy-extensions-0:2.0.1-3.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-resteasy-spring-0:3.0.1-2.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-saaj-impl-0:3.0.4-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-shibboleth-java-support-0:8.0.0-6.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-slf4j-0:2.0.16-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-snakeyaml-0:2.2.0-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
eap8-wildfly-0:8.0.4-2.GA_redhat_00005.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:8823	2024-11-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
eap8-activemq-artemis-0:2.33.0-1.redhat_00015.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-activemq-artemis-native-1:2.0.0-2.redhat_00005.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-aesh-extensions-0:1.8.0-2.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-aesh-readline-0:2.2.0-2.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-apache-commons-codec-0:1.16.1-2.redhat_00007.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-apache-commons-collections-0:3.2.2-28.redhat_2.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-apache-commons-io-0:2.15.1-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-apache-commons-lang-0:3.14.0-2.redhat_00006.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-apache-cxf-0:4.0.5-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-artemis-native-1:2.0.0-2.redhat_00005.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-artemis-wildfly-integration-0:2.0.1-1.redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-asyncutil-0:0.1.0-2.redhat_00010.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-aws-java-sdk-0:1.12.284-2.redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-cryptacular-0:1.2.5-2.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-eap-product-conf-parent-0:800.4.0-1.GA_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-fastinfoset-0:2.1.0-4.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-hibernate-0:6.2.31-1.Final_redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-hibernate-validator-0:8.0.1-3.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-hppc-0:0.8.1-2.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-insights-java-client-0:1.1.3-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-jakarta-servlet-jsp-jstl-api-0:3.0.1-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-jboss-logging-0:3.5.3-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-jctools-0:4.0.2-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-jgroups-0:5.3.10-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-log4j-0:2.22.1-1.redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-narayana-0:6.0.3-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-nimbus-jose-jwt-0:9.37.3-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-objectweb-asm-0:9.6.0-1.redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-pem-keystore-0:2.3.0-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-resteasy-extensions-0:2.0.1-3.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-resteasy-spring-0:3.0.1-2.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-saaj-impl-0:3.0.4-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-shibboleth-java-support-0:8.0.0-6.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-slf4j-0:2.0.16-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-snakeyaml-0:2.2.0-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
eap8-wildfly-0:8.0.4-2.GA_redhat_00005.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:8824	2024-11-04T00:00:00Z
Red Hat Single Sign-On 7
org.keycloak/keycloak-saml-core	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2024:6886	2024-09-19T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.18-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2024:6878	2024-09-19T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.18-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2024:6879	2024-09-19T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.18-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2024:6880	2024-09-19T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-54	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:6882	2024-09-19T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:6878
https://access.redhat.com/errata/RHSA-2024:6879
https://access.redhat.com/errata/RHSA-2024:6880
https://access.redhat.com/errata/RHSA-2024:6882
https://access.redhat.com/errata/RHSA-2024:6886
https://access.redhat.com/errata/RHSA-2024:6887
https://access.redhat.com/errata/RHSA-2024:6888
https://access.redhat.com/errata/RHSA-2024:6889
https://access.redhat.com/errata/RHSA-2024:6890
https://access.redhat.com/errata/RHSA-2024:8823
https://access.redhat.com/errata/RHSA-2024:8824
https://access.redhat.com/errata/RHSA-2024:8826
https://access.redhat.com/security/cve/CVE-2024-8698
https://bugzilla.redhat.com/show_bug.cgi?id=2311641
https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
https://nvd.nist.gov/vuln/detail/CVE-2024-8698
https://www.cve.org/CVERecord?id=CVE-2024-8698

History

Tue, 05 Nov 2024 03:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:jboss_enterprise_application_platform:8~~	cpe:/a:redhat:jboss_enterprise_application_platform:8.0 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
References		https://access.redhat.com/errata/RHSA-2024:8823 https://access.redhat.com/errata/RHSA-2024:8824 https://access.redhat.com/errata/RHSA-2024:8826

Thu, 19 Sep 2024 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhosemc
CPEs		cpe:/a:redhat:build_keycloak:22 cpe:/a:redhat:build_keycloak:22::el9 cpe:/a:redhat:build_keycloak:24 cpe:/a:redhat:build_keycloak:24::el9 cpe:/a:redhat:red_hat_single_sign_on:7.6 cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 cpe:/a:redhat:rhosemc:1.0::el8
Vendors & Products		Redhat rhosemc
References		https://access.redhat.com/errata/RHSA-2024:6878 https://access.redhat.com/errata/RHSA-2024:6879 https://access.redhat.com/errata/RHSA-2024:6880 https://access.redhat.com/errata/RHSA-2024:6882 https://access.redhat.com/errata/RHSA-2024:6886 https://access.redhat.com/errata/RHSA-2024:6887 https://access.redhat.com/errata/RHSA-2024:6888 https://access.redhat.com/errata/RHSA-2024:6889 https://access.redhat.com/errata/RHSA-2024:6890

Thu, 19 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-8698 https://www.cve.org/CVERecord?id=CVE-2024-8698
Metrics	threat_severity `None`	threat_severity `Important`

Thu, 19 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 19 Sep 2024 16:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
Title		Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak
First Time appeared		Redhat Redhat build Keycloak Redhat jboss Enterprise Application Platform Redhat red Hat Single Sign On
Weaknesses		CWE-347
CPEs		cpe:/a:redhat:build_keycloak: cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:red_hat_single_sign_on:7
Vendors & Products		Redhat Redhat build Keycloak Redhat jboss Enterprise Application Platform Redhat red Hat Single Sign On
References		https://access.redhat.com/security/cve/CVE-2024-8698 https://bugzilla.redhat.com/show_bug.cgi?id=2311641 https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-09-19T15:48:18.464Z

Updated: 2024-11-05T03:04:08.394Z

Reserved: 2024-09-11T12:55:53.092Z

Link: CVE-2024-8698

Vulnrichment

Updated: 2024-09-19T17:57:02.926Z

NVD

Status : Awaiting Analysis

Published: 2024-09-19T16:15:06.177

Modified: 2024-11-05T04:15:03.183

Link: CVE-2024-8698

Redhat

Severity : Important

Publid Date: 2024-09-19T15:12:00Z

Links: CVE-2024-8698 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object