Redhat Single Sign-On vulnerabilities

CVE-2020-10734 [LOW] CWE-352 CVE-2020-10734: A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF pr A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.

CVE-2020-1717 [LOW] CWE-209 CVE-2020-1717: A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack. A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.

CVE-2020-14341 [LOW] CWE-385 CVE-2020-14341: The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information abou

CVE-2020-25689 [MEDIUM] CWE-401 CVE-2020-25689: A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tr A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat

CVE-2020-14299 [MEDIUM] CWE-287 CVE-2020-14299: A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy Secur A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is

CVE-2020-25644 [HIGH] CWE-401 CVE-2020-25644: A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes a A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

CVE-2020-10758 [HIGH] CWE-770 CVE-2020-10758: A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty r A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.

CVE-2020-10748 [MEDIUM] CWE-79 CVE-2020-10748: A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of da A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.

CVE-2020-14307 [MEDIUM] CWE-404 CVE-2020-14307: A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBo A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unav

CVE-2020-14297 [MEDIUM] CWE-400 CVE-2020-14297: A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specif A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.

CVE-2020-1714 [HIGH] CWE-20 CVE-2020-1714: A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInp A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

CVE-2020-1724 [MEDIUM] CWE-613 CVE-2020-1724: A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is cur A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.

CVE-2020-1757 [HIGH] CWE-20 CVE-2020-1757: A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

CVE-2019-14887 [CRITICAL] CWE-757 CVE-2019-14887: A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' val A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed ov

CVE-2020-1697 [MEDIUM] CWE-79 CVE-2020-1697: It was found in all keycloak versions before 9.0.0 that links to external applications (Application It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.

CVE-2019-14888 [HIGH] CWE-400 CVE-2019-14888: A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening o A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

CVE-2019-14885 [MEDIUM] CWE-532 CVE-2019-14885: A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential informa A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.

CVE-2019-14820 [MEDIUM] CWE-200 CVE-2019-14820: It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.c It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.

CVE-2019-14837 [CRITICAL] CWE-547 CVE-2019-14837: A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be '[email protected]'.

CVE-2019-14843 [HIGH] CWE-592 CVE-2019-14843: A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests fo A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.