CVE-2017-2582 — Sensitive Info Insertion into Sent Data in Redhat Keycloak

CWE-201 — Sensitive Info Insertion into Sent Data CWE-200 — Sensitive Information Exposure8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 29.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Keycloak RED HAT Keycloak Redhat Jboss Enterprise Application Platform

Timeline

PublishedJul 26

Latest updateMay 15

Description

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDredhat/keycloak< 2.5.1

▶CVEListV5red_hat/keycloak2.5.1

▶NVDredhat/jboss_enterprise_application_platform4 versions+3

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

keycloak-core discloses system properties↗2018-10-18

▶

GHSA

keycloak-core discloses system properties↗2018-10-18

▶

CVEList

CVE-2017-2582: It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2↗2018-07-26

▶

💥Exploits & PoCs

Exploit-DB

Ametys CMS 4.0.2 - Password Reset↗2017-11-07

▶

📋Vendor Advisories

Red Hat

keycloak: SAML request parser replaces special strings with system properties↗2017-09-26

▶

💬Community

Bugzilla

CVE-2017-2582 picketlink: picketlink, keycloak: SAML request parser replaces special strings with system properties [fedora-all]↗2019-05-15

▶

Bugzilla

CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties↗2017-01-05

▶