Redhat Single Sign-On vulnerabilities
97 known vulnerabilities affecting redhat/single_sign-on.

Total CVEs: 97
CISA KEV: 1 (actively exploited)
Public exploits: 4
Exploited in the wild: 1
Severity breakdown: CRITICAL 9, HIGH 43, MEDIUM 40, LOW 5
Vulnerabilities
Page 2 of 5
CVE-2023-6927 | Severity: MEDIUM | CVSS 6.1 | Versions: v7.0 | Date: 2023-12-18
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
Source: nvd
CVE-2023-6563 | Severity: HIGH | CVSS 7.7 | CWE-770 | Versions: v7.6 | Date: 2023-12-14
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then opens the "consents" tab of the admin User Interface, the UI attempts to load a huge
Source: nvd
CVE-2023-6134 | Severity: MEDIUM | CVSS 5.4 | CWE-79 | Versions: fixed in 7.6 | Date: 2023-12-14
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
Source: nvd
CVE-2023-5379 | Severity: HIGH | CVSS 7.5 | CWE-770 | Versions: v7.0 | Date: 2023-12-12
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when t
Source: nvd
CVE-2023-44487 | Severity: HIGH | CVSS 7.5 | CWE-400 | Flags: KEV, PoC | Versions: v7.0 | Date: 2023-10-10
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Source: nvd
CVE-2023-2422 | Severity: HIGH (entry summary lists MEDIUM) | CVSS 7.1 | CWE-295 | Versions: v7.6 | Date: 2023-10-04
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.
Source: nvd
CVE-2023-3223 | Severity: HIGH | CVSS 7.5 | CWE-789 | Versions: v7.6 | Date: 2023-09-27
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to nu
Source: nvd
CVE-2022-4137 | Severity: MEDIUM (entry summary lists HIGH) | CVSS 6.1 | CWE-81 | Versions: v7.6 | Date: 2023-09-25
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing i
Source: nvd
CVE-2022-4039 | Severity: CRITICAL (entry summary lists HIGH) | CVSS 9.8 | CWE-276 | Versions: v7.0 | Date: 2023-09-22
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
Source: nvd
CVE-2022-3916 | Severity: MEDIUM | CVSS 6.8 | CWE-384 | Versions: v7.6 | Date: 2023-09-20
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authen
Source: nvd
CVE-2023-1108 | Severity: HIGH | CVSS 7.5 | CWE-835 | Versions: v7.6 | Date: 2023-09-14
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
Source: nvd
CVE-2023-0264 | Severity: MEDIUM | CVSS 5.0 | CWE-287 | Versions: fixed in 7.6.2 | Date: 2023-08-04
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availabili
Source: nvd
CVE-2022-4361 | Severity: MEDIUM (entry summary lists CRITICAL) | CVSS 6.1 | CWE-81 | Versions: ≥ 7.6, < 7.6.4 | Date: 2023-07-07
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
Source: nvd
CVE-2023-1664 | Severity: MEDIUM | CVSS 6.5 | CWE-295 | Versions: v7.0 | Date: 2023-05-26
A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variabl
Source: nvd
CVE-2022-1274 | Severity: MEDIUM | CVSS 5.4 | CWE-80 | Versions: ≥ 7.6, < 7.6.2 | Date: 2023-03-29
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Source: nvd
CVE-2022-2237 | Severity: MEDIUM | CVSS 6.1 | CWE-601 | Versions: v7.0 | Date: 2023-03-27
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.
Source: nvd
CVE-2022-4492 | Severity: HIGH | CVSS 7.5 | CWE-918 | Versions: v7.0 | Date: 2023-02-23
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
Source: nvd
CVE-2022-1278 | Severity: HIGH | CVSS 7.5 | CWE-1188 | Versions: v7.0 | Date: 2022-09-13
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
Source: nvd
CVE-2022-2764 | Severity: MEDIUM | CVSS 4.9 | CWE-400 | Versions: v7.0 | Date: 2022-09-01
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
Source: nvd
CVE-2022-2256 | Severity: LOW | CVSS 3.8 | CWE-79 | Versions: v7.0 | Date: 2022-09-01
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.
Source: nvd