Red Hat Product Errata RHSA-2024:6890 - Security Advisory
Issued:
2024-09-19
Updated:
2024-09-19

RHSA-2024:6890 - Security Advisory

Synopsis

Important: Red Hat build of Keycloak 24.0.8 Update

Type/Severity

Security Advisory: Important

Topic

New Red Hat build of Keycloak 24.0.8 packages with security impact Important are available from the Customer Portal

Description

Red Hat build of Keycloak 24.0.8 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

Security fixes:

  • Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak (CVE-2024-8698)
  • Vulnerable Redirect URI Validation Results in Open Redirec (CVE-2024-8883)

Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Affected Products

  • Red Hat build of Keycloak Text-only Advisories x86_64

Fixes

  • BZ - 2311641 - CVE-2024-8698 keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
  • BZ - 2312511 - CVE-2024-8883 Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.