A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
History

Fri, 13 Dec 2024 02:30:00 +0000


Tue, 05 Nov 2024 03:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
References

Thu, 19 Sep 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhosemc
CPEs cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:build_keycloak:22::el9
cpe:/a:redhat:build_keycloak:24
cpe:/a:redhat:build_keycloak:24::el9
cpe:/a:redhat:red_hat_single_sign_on:7.6
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
cpe:/a:redhat:rhosemc:1.0::el8
Vendors & Products Redhat rhosemc
References

Thu, 19 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Thu, 19 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Sep 2024 16:00:00 +0000

Type Values Removed Values Added
Description A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
Title Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak
First Time appeared Redhat
Redhat build Keycloak
Redhat jboss Enterprise Application Platform
Redhat red Hat Single Sign On
Weaknesses CWE-347
CPEs cpe:/a:redhat:build_keycloak:
cpe:/a:redhat:jboss_enterprise_application_platform:8
cpe:/a:redhat:red_hat_single_sign_on:7
Vendors & Products Redhat
Redhat build Keycloak
Redhat jboss Enterprise Application Platform
Redhat red Hat Single Sign On
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-09-19T15:48:18.464Z

Updated: 2024-12-13T14:15:19.702Z

Reserved: 2024-09-11T12:55:53.092Z

Link: CVE-2024-8698

cve-icon Vulnrichment

Updated: 2024-09-19T17:57:02.926Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-19T16:15:06.177

Modified: 2024-12-12T20:15:22.150

Link: CVE-2024-8698

cve-icon Redhat

Severity : Important

Publid Date: 2024-09-19T15:12:00Z

Links: CVE-2024-8698 - Bugzilla