Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks
CVE-2024-8698
Key Information:
- Vendor
- Red Hat
- Status
- Vendor
- CVE Published:
- 19 September 2024
Badges
Summary
CVE-2024-8698 is a privilege escalation and impersonation vulnerability located in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The vulnerability allows attackers to create crafted responses that can bypass validation, potentially leading to privilege escalation or impersonation attacks. The impact of the exploitation can have a high impact on confidentiality, with lower impacts on integrity and availability. The vulnerability is addressed in Keycloak version 25.0.6 and organizations using Keycloak are strongly recommended to install updates as soon as possible. It is also recommended to implement updates from other vendors who rely on Keycloak for identity and access management. Upgrading to the newest version may provide safety from future exploitation, but it does not remediate historic compromise. At the time of reporting, no active exploitation of this vulnerability by ransomware groups was reported.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
WARNING: HIGH VULNERABILITY IN KEYCLOAK COULD LEAD TO PRIVILEGE ESCALATION AND IMPERSONATION. PATCH IMMEDIATELY!
CVE-2024-8698 is a privilege escalation and impersonation vulnerability located in the SAML signature validation method within the Keycloak XMLSignatureUtil
4 months ago
References
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by | Cert
Vulnerability published
Vulnerability Reserved