Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks
Key Information
- Vendor: Red Hat
- Status:
  - Red Hat Build Of Keycloak
  - Red Hat Build Of Keycloak 22
  - Red Hat Build Of Keycloak 24
  - Red Hat Jboss Enterprise Application Platform 8
- CVE Published: 19 September 2024
Summary
CVE-2024-8698 is a privilege escalation and impersonation vulnerability in the SAML signature validation method of the Keycloak XMLSignatureUtil class. The flaw allows an attacker to craft SAML responses that bypass signature validation, potentially leading to privilege escalation or impersonation. Successful exploitation has a high impact on confidentiality and lower impacts on integrity and availability. The vulnerability is addressed in Keycloak version 25.0.6, and organizations running Keycloak are strongly recommended to install the update as soon as possible; updates from other vendors whose products rely on Keycloak for identity and access management should be applied as well. Upgrading to the newest version protects against future exploitation but does not remediate any compromise that has already occurred. At the time of reporting, no active exploitation of this vulnerability by ransomware groups had been reported.
Affected Version(s)
Red Hat build of Keycloak 22 <= 22.0.13-1
Red Hat build of Keycloak 22 <= 22-18
Red Hat build of Keycloak 22 <= 22-21
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
EPSS Score
1% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- Exploit exists.
- First article discovered by Cert.
- Risk change from: null to: 7.7 (HIGH).
- Vulnerability published.
- Vulnerability reserved.
- Reported to Red Hat.