Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-4xx7-2cx3-x473: Keycloak SAML signature validation flaw

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.

ghsa
#git

Keycloak SAML signature validation flaw

High severity GitHub Reviewed Published Sep 19, 2024 to the GitHub Advisory Database • Updated Sep 19, 2024

Related news

Red Hat Security Advisory 2024-6890-03

Red Hat Security Advisory 2024-6890-03 - New Red Hat build of Keycloak 24.0.8 packages with security impact Important are available from the Customer Portal. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-6889-03

Red Hat Security Advisory 2024-6889-03 - New images with security impact Important are available for Red Hat build of Keycloak 24.0.8 and Red Hat build of Keycloak 24.0.8 Operator, running on OpenShift Container Platform. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-6888-03

Red Hat Security Advisory 2024-6888-03 - New Red Hat build of Keycloak 22.0.13 packages with security impact Important are available from the Customer Portal. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-6887-03

Red Hat Security Advisory 2024-6887-03 - New images with security impact Important are available for Red Hat build of Keycloak 22.0.13 and Red Hat build of Keycloak 22.0.13 Operator, running on OpenShift Container Platform. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-6886-03

Red Hat Security Advisory 2024-6886-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-6882-03

Red Hat Security Advisory 2024-6882-03 - A new image is available for Red Hat Single Sign-On 7.6.11, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-6880-03

Red Hat Security Advisory 2024-6880-03 - New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 9. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-6879-03

Red Hat Security Advisory 2024-6879-03 - New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-6878-03

Red Hat Security Advisory 2024-6878-03 - New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 7. Issues addressed include a privilege escalation vulnerability.