- Issued:
- 2024-09-19
- Updated:
- 2024-09-19
RHSA-2024:6888 - Security Advisory
Synopsis
Important: Red Hat build of Keycloak 22.0.13 Update
Type/Severity
Security Advisory: Important
Topic
New Red Hat build of Keycloak 22.0.13 packages with security impact Important are available from the Customer Portal
Description
Red Hat build of Keycloak 22.0.13 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat build of Keycloak 22.0.13 serves as a replacement for Red Hat Single Sign-On 7.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security fixes:
- Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak (CVE-2024-8698)
- Vulnerable Redirect URI Validation Results in Open Redirec (CVE-2024-8883)
Solution
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Affected Products
- Red Hat build of Keycloak Text-only Advisories x86_64
Fixes
- BZ - 2311641 - CVE-2024-8698 keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
- BZ - 2312511 - CVE-2024-8883 Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.