Metrics
Affected Vendors & Products
Fri, 20 Sep 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat build Of Keycloak
Redhat enterprise Linux Redhat keycloak Redhat single Sign-on |
|
CPEs | cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Redhat build Of Keycloak
Redhat enterprise Linux Redhat keycloak Redhat single Sign-on |
Wed, 18 Sep 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:build_keycloak:24 |
Mon, 09 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
ssvc
|
Mon, 09 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
ssvc
|
Mon, 09 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation. | |
Title | Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters | |
First Time appeared |
Redhat
Redhat build Keycloak Redhat jboss Enterprise Application Platform Redhat red Hat Single Sign On Redhat rhosemc |
|
Weaknesses | CWE-384 | |
CPEs | cpe:/a:redhat:build_keycloak:22 cpe:/a:redhat:build_keycloak:22::el9 cpe:/a:redhat:build_keycloak:24::el9 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:red_hat_single_sign_on:7.6 cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 cpe:/a:redhat:rhosemc:1.0::el8 |
|
Vendors & Products |
Redhat
Redhat build Keycloak Redhat jboss Enterprise Application Platform Redhat red Hat Single Sign On Redhat rhosemc |
|
References |
|
|
Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published: 2024-09-09T18:51:13.537Z
Updated: 2024-11-24T18:42:22.512Z
Reserved: 2024-07-31T15:13:22.220Z
Link: CVE-2024-7341
Updated: 2024-09-09T19:05:21.511Z
Status : Analyzed
Published: 2024-09-09T19:15:14.450
Modified: 2024-10-04T12:48:43.523
Link: CVE-2024-7341