Threats Tagged 'cve-2024-8883'
View all threats tagged with 'cve-2024-8883'. Filter and sort to focus on specific types of threats.
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 security update on RHEL 7
CVE-2024-8698
Red Hat Single Sign-On 7.6.11 for RHEL 7 addresses two security vulnerabilities: an improper verification of SAML responses that could lead to privilege escalation (CVE-2024-8698) and a vulnerable redirect URI validation resulting in an open redirect (CVE-2024-8883). These issues were fixed in this update, which replaces version 7.6.10. Red Hat has rated the update as important and classified the security impact as none in their advisory, but the vulnerabilities themselves are considered high severity. No CVSS scores are provided in the advisory. The update includes bug fixes and enhancements documented in the release notes. Users should apply this update after ensuring all prior relevant errata are installed.
GCVE Database | 09/19/2024, 16:43:39 UTC | Added: 06/01/2026, 21:15:21 UTC

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 security update on RHEL 9
CVE-2024-8698
Red Hat Single Sign-On 7.6.11 for RHEL 9 addresses two security vulnerabilities: improper verification of SAML responses that could lead to privilege escalation (CVE-2024-8698) and vulnerable redirect URI validation resulting in open redirect issues (CVE-2024-8883). These vulnerabilities affect authentication and authorization mechanisms in the Keycloak-based SSO server. Red Hat has released this update to fix these issues and recommends applying it after ensuring all prior errata are installed. No known exploits in the wild have been reported at this time.
GCVE Database | 09/19/2024, 16:43:44 UTC | Added: 06/01/2026, 21:15:21 UTC

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 security update on RHEL 8
CVE-2024-8698
Red Hat Single Sign-On 7.6.11 for RHEL 8 addresses two security vulnerabilities: an improper verification of SAML responses that could lead to privilege escalation (CVE-2024-8698) and a vulnerable redirect URI validation resulting in an open redirect (CVE-2024-8883). These issues affect the authentication and single sign-on capabilities provided by the product. Red Hat has released this update as a replacement for version 7.6.10, including bug fixes and enhancements. The vendor rates the security impact of this update as none, indicating no direct impact on Red Hat's assessment, but the vulnerabilities themselves are classified as high severity. No explicit CVSS scores are provided in the advisory. Users are advised to apply this update after ensuring all previous errata are applied.
GCVE Database | 09/19/2024, 16:43:44 UTC | Added: 06/01/2026, 21:15:21 UTC

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 for OpenShift image enhancement update
CVE-2024-8698
Red Hat Single Sign-On 7.6.11 for OpenShift contains two security vulnerabilities: improper verification of SAML responses leading to privilege escalation (CVE-2024-8698) and vulnerable redirect URI validation resulting in an open redirect (CVE-2024-8883). These issues affect the authentication server component used for centralized login and user management in OpenShift containerized environments. Red Hat has released an updated image to address these vulnerabilities for OpenShift Container Platform versions 3.10, 3.11, and 4.3. The update aligns with the standalone product release and is intended for on-premise or private cloud deployments. No known exploits in the wild have been reported.
GCVE Database | 09/19/2024, 16:45:40 UTC | Added: 06/01/2026, 21:15:21 UTC

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 security update
CVE-2024-8698
Red Hat Single Sign-On 7.6.11 addresses two security vulnerabilities in the Keycloak-based authentication server. The first vulnerability (CVE-2024-8698) involves improper verification of SAML responses that could lead to privilege escalation. The second vulnerability (CVE-2024-8883) concerns vulnerable redirect URI validation resulting in an open redirect issue. These vulnerabilities have been rated with an important security impact by Red Hat. The update replaces version 7.6.10 and includes bug fixes and enhancements. Users are advised to back up their installations before applying the update.
GCVE Database | 09/19/2024, 16:54:23 UTC | Added: 06/01/2026, 21:15:21 UTC

Red Hat Security Advisory: Red Hat build of Keycloak 24.0.8 Images Update
CVE-2024-8698
Red Hat has released updated container images for the Red Hat build of Keycloak 24.0.8 to address two security vulnerabilities. The first vulnerability (CVE-2024-8698) involves improper verification of SAML responses that could lead to privilege escalation. The second vulnerability (CVE-2024-8883) concerns vulnerable redirect URI validation resulting in an open redirect issue. These updates are intended for use within the OpenShift Container Platform for on-premise or private cloud deployments. The advisory recommends backing up existing installations before applying the update. No known exploits in the wild have been reported at this time.
GCVE Database | 09/19/2024, 17:09:20 UTC | Added: 06/01/2026, 21:15:21 UTC

Red Hat Security Advisory: Red Hat build of Keycloak 22.0.13 Images Update
CVE-2024-8698
Red Hat has released updated images for the Red Hat build of Keycloak 22.0.13 addressing two security vulnerabilities. The first vulnerability (CVE-2024-8698) involves improper verification of SAML responses that could lead to privilege escalation. The second vulnerability (CVE-2024-8883) concerns vulnerable redirect URI validation resulting in an open redirect issue. These updates are intended for use within the OpenShift Container Platform for on-premise or private cloud deployments. The advisory recommends backing up existing installations before applying the update.
GCVE Database | 09/19/2024, 17:05:33 UTC | Added: 06/01/2026, 21:15:21 UTC

Red Hat Security Advisory: Red Hat build of Keycloak 22.0.13 Update
CVE-2024-8698
Red Hat has released an important security update for Red Hat build of Keycloak 22.0.13, addressing two vulnerabilities: CVE-2024-8698, an improper verification of SAML responses that can lead to privilege escalation, and CVE-2024-8883, a vulnerable redirect URI validation resulting in an open redirect issue. These vulnerabilities affect authentication and single sign-on capabilities provided by Keycloak. The update replaces Red Hat Single Sign-On 7.6 and includes bug fixes and enhancements. Users are advised to back up their installations before applying the update.
GCVE Database | 09/19/2024, 17:02:41 UTC | Added: 06/01/2026, 21:15:21 UTC

Red Hat Security Advisory: Red Hat build of Keycloak 24.0.8 Update
CVE-2024-8698
Red Hat has released an important security advisory for the Red Hat build of Keycloak 24.0.8 addressing two vulnerabilities: CVE-2024-8698, which involves improper verification of SAML responses that can lead to privilege escalation, and CVE-2024-8883, which concerns vulnerable redirect URI validation resulting in open redirect issues. These vulnerabilities affect the authentication and single sign-on capabilities of Keycloak. The advisory recommends updating to the fixed version 24.0.8 and backing up existing installations before applying the update.
GCVE Database | 09/19/2024, 17:06:33 UTC | Added: 06/01/2026, 21:15:21 UTC

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 update
CVE-2024-8883
A moderate severity vulnerability (CVE-2024-8883) affecting Red Hat JBoss Enterprise Application Platform 8.0 has been identified. The issue involves vulnerable redirect URI validation in the Keycloak services component, leading to an open redirect vulnerability. Red Hat has released an asynchronous security update (JBoss Enterprise Application Platform 8.0 Update 4.1) addressing this issue. Users are advised to apply this update after ensuring all previous errata are applied and backing up their systems. No known exploits in the wild have been reported at this time.
GCVE Database | 11/26/2024, 15:37:37 UTC | Added: 06/01/2026, 21:15:21 UTC
