Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks

CVE-2024-8698

7.7HIGH

Key Information

Vendor
Red Hat
Status
Red Hat Build Of Keycloak
Red Hat Build Of Keycloak 22
Red Hat Build Of Keycloak 24
Red Hat Jboss Enterprise Application Platform 8
Vendor
CVE Published:
19 September 2024

Badges

👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

CVE-2024-8698 is a privilege escalation and impersonation vulnerability located in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The vulnerability allows attackers to create crafted responses that can bypass validation, potentially leading to privilege escalation or impersonation attacks. The impact of the exploitation can have a high impact on confidentiality, with lower impacts on integrity and availability. The vulnerability is addressed in Keycloak version 25.0.6 and organizations using Keycloak are strongly recommended to install updates as soon as possible. It is also recommended to implement updates from other vendors who rely on Keycloak for identity and access management. Upgrading to the newest version may provide safety from future exploitation, but it does not remediate historic compromise. At the time of reporting, no active exploitation of this vulnerability by ransomware groups was reported.

Affected Version(s)

Red Hat build of Keycloak 22 <= 22.0.13-1

Red Hat build of Keycloak 22 <= 22-18

Red Hat build of Keycloak 22 <= 22-21

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-8698-POC
Created by huydoppaz

News Articles

favicon image| Cert

WARNING: HIGH VULNERABILITY IN KEYCLOAK COULD LEAD TO PRIVILEGE ESCALATION AND IMPERSONATION. PATCH IMMEDIATELY!

CVE-2024-8698 is a privilege escalation and impersonation vulnerability located in the SAML signature validation method within the Keycloak XMLSignatureUtil

3 months ago

Refferences

https://access.redhat.com/errata/RHSA-2024:6878
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6879
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6880
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6882
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6886
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6887
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6888
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6889
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6890
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8823
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8824
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8826
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8698
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2311641
issue-trackingx_refsource_REDHAT
https://github.com/keycloak/keycloak/blob/main/saml-core/...

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 🔴

    Public PoC available

  • 👾

    Exploit known to exist

  • First article discovered by | Cert

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)1 News Article(s)

Credit

Red Hat would like to thank Tanner Emek for reporting this issue.
.