Red Hat Single Sign-On 7.6.11 for RHEL 8, based on the Keycloak project, fixes two security vulnerabilities: CVE-2024-8698, which involves improper verification of SAML responses that could allow privilege escalation, and CVE-2024-8883, which involves vulnerable redirect URI validation leading to an open redirect vulnerability. These vulnerabilities relate to authentication mechanisms and could potentially be exploited to escalate privileges or redirect users to malicious sites. The update replaces version 7.6.10 and includes these security fixes along with other bug fixes and enhancements. Red Hat's official advisory (RHSA-2024:6879) provides the authoritative guidance and package updates for remediation.

The vulnerabilities could allow an attacker to escalate privileges through improper SAML response verification or perform open redirect attacks via vulnerable URI validation. This could compromise authentication integrity and redirect users to malicious sites. However, Red Hat rates the security impact of the update as none, which may indicate that the update addresses theoretical or low-likelihood risks or that the impact is mitigated in the Red Hat environment. There are no known exploits in the wild at this time.

Red Hat has released updated packages for Red Hat Single Sign-On 7.6.11 on RHEL 8 that address these vulnerabilities. Users should apply this update after ensuring all previously released errata relevant to their system have been applied. Detailed update instructions are available in Red Hat's documentation. Since this is not a cloud service, remediation requires applying the updated packages on affected systems. No additional mitigation steps are indicated by the vendor advisory.