Redhat Single Sign-On vulnerabilities

CVE-2019-14838 [MEDIUM] CWE-284 CVE-2019-14838: A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Dep A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

CVE-2019-10212 [CRITICAL] CWE-532 CVE-2019-10212: A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. I A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

CVE-2019-10201 [HIGH] CWE-592 CVE-2019-10201: It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signa It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.

CVE-2019-9515 [HIGH] CWE-400 CVE-2019-9515: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of s Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently th

CVE-2019-9514 [HIGH] CWE-400 CVE-2019-9514: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of serv Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both

CVE-2019-14379 [CRITICAL] CWE-1321 CVE-2019-14379: SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when eh SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

CVE-2019-10184 [HIGH] CWE-862 CVE-2019-10184: undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have t undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

CVE-2019-3873 [CRITICAL] CWE-79 CVE-2019-3873: It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.

CVE-2019-3875 [MEDIUM] CWE-295 CVE-2019-3875: A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verificatio A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols ('http

CVE-2019-10157 [MEDIUM] CWE-345 CVE-2019-10157: It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web to It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely.

CVE-2019-3872 [MEDIUM] CWE-79 CVE-2019-3872: It was found that a SAMLRequest containing a script could be processed by Picketlink versions shippe It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.

CVE-2018-10934 [MEDIUM] CWE-79 CVE-2018-10934: A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.

CVE-2018-12023 [HIGH] CWE-502 CVE-2018-12023: An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When De An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

CVE-2018-12022 [HIGH] CWE-502 CVE-2018-12022: An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When De An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the servic

CVE-2018-14657 [HIGH] CWE-307 CVE-2018-14657: A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.

CVE-2018-14655 [MEDIUM] CWE-79 CVE-2018-14655: A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_p A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.

CVE-2018-10894 [MEDIUM] CWE-345 CVE-2018-10894: It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired cert It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.

CVE-2018-10912 [MEDIUM] CWE-835 CVE-2018-10912: keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycl keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.