Multiple vulnerabilities in Red Hat Keycloak

Published: 2017-01-11

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2016-8629
CWE-ID	CWE-264
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Keycloak Server applications / Directory software, identity management
Vendor	Keycloak

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Security restrictions bypass

EUVDB-ID: #VU11133

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-8629

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The weakness exists due to improper permission checks when handling service account user deletion requests. A remote attacker can send a service account user deletion request, bypass permission checks and perform unauthorized actions, such as deleting other user accounts.

Mitigation

Update to version 2.4.0.

Vulnerable software versions

Keycloak: 0.6.0 - 2.3.0

CPE2.3

cpe:2.3:a:keycloak:keycloak:*:*:*:*:*:*:*:*

External links

https://github.com/keycloak/keycloak/releases

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.