This advisory covers security fixes in Red Hat build of Keycloak 24.0.8 images used on OpenShift Container Platform. The key vulnerabilities addressed are CVE-2024-8698, which is an improper verification of SAML responses that can lead to privilege escalation, and CVE-2024-8883, which involves vulnerable redirect URI validation causing an open redirect vulnerability. Red Hat has released new container images aligned with the standalone Keycloak 24.0.8 product release to remediate these issues. The update applies to on-premise or private cloud deployments using Red Hat's Keycloak container images and operator. The vendor advisory does not explicitly state the patch availability field but provides updated images as the fix.

Successful exploitation of CVE-2024-8698 could allow an attacker to escalate privileges by exploiting improper verification of SAML responses. CVE-2024-8883 could enable an attacker to perform open redirect attacks due to insufficient validation of redirect URIs. Both vulnerabilities affect authentication and authorization mechanisms, potentially compromising user session integrity and security. No known active exploitation has been reported. The impact is considered high due to the nature of privilege escalation and open redirect vulnerabilities in an authentication server.

Red Hat has released updated container images for Red Hat build of Keycloak 24.0.8 that address these vulnerabilities. Users should back up their existing installations, including applications, configurations, and databases, before applying the update. Deploy the updated Keycloak 24.0.8 images and operator on OpenShift Container Platform as provided by Red Hat. Since this is not a cloud service, remediation is the responsibility of the user applying the updated images. Patch status is confirmed by the vendor advisory indicating new images are available as the fix.