Red Hat Single Sign-On 7.5 on RHEL 8 update for keycloak



Published: 2022-10-05
Risk Critical
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2020-36518
CVE-2021-42392
CVE-2021-43797
CVE-2022-0084
CVE-2022-0225
CVE-2022-0866
CVE-2022-2256
CVE-2022-2668
CWE-ID CWE-787
CWE-502
CWE-444
CWE-770
CWE-79
CWE-863
CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe
rh-sso7-keycloak (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat Single Sign-On
Server applications / Directory software, identity management

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU61799

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36518

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-sso7-keycloak (Red Hat package): 15.0.4-1.redhat_00003.1.el8sso - 15.0.6-1.redhat_00002.1.el8sso

Red Hat Single Sign-On: 7.5.0 - 7.5.2

External links

http://access.redhat.com/errata/RHSA-2022:6783


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Deserialization of Untrusted Data

EUVDB-ID: #VU61937

Risk: Critical

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-42392

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the org.h2.util.JdbcUtils.getConnection method. A remote attacker can pass a JNDI driver name and a URL leading to a LDAP or RMI servers and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-sso7-keycloak (Red Hat package): 15.0.4-1.redhat_00003.1.el8sso - 15.0.6-1.redhat_00002.1.el8sso

Red Hat Single Sign-On: 7.5.0 - 7.5.2

External links

http://access.redhat.com/errata/RHSA-2022:6783


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU61810

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43797

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to preform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when processing control chars present at the beginning / end of the header name. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-sso7-keycloak (Red Hat package): 15.0.4-1.redhat_00003.1.el8sso - 15.0.6-1.redhat_00002.1.el8sso

Red Hat Single Sign-On: 7.5.0 - 7.5.2

External links

http://access.redhat.com/errata/RHSA-2022:6783


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU63159

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0084

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to notifyReadClosed method from main/java/org/xnio/StreamConnection.java logs data into debug log instead of stderr. As a result, an attacker can trigger the application to log enormous amount of data and consume all available space.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-sso7-keycloak (Red Hat package): 15.0.4-1.redhat_00003.1.el8sso - 15.0.6-1.redhat_00002.1.el8sso

Red Hat Single Sign-On: 7.5.0 - 7.5.2

External links

http://access.redhat.com/errata/RHSA-2022:6783


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Cross-site scripting

EUVDB-ID: #VU67936

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0225

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the group name while creating a new group from the admin console. A remote privileged user can inject and execute arbitrary HTML and JavaScript code in victim's browser.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-sso7-keycloak (Red Hat package): 15.0.4-1.redhat_00003.1.el8sso - 15.0.6-1.redhat_00002.1.el8sso

Red Hat Single Sign-On: 7.5.0 - 7.5.2

External links

http://access.redhat.com/errata/RHSA-2022:6783


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Incorrect authorization

EUVDB-ID: #VU64037

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0866

CWE-ID: CWE-863 - Incorrect Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect authorization. The vulnerability can lead to possible disclosure of the wrong caller principal that can be returned from EJBComponent#getCallerPrincipal.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-sso7-keycloak (Red Hat package): 15.0.4-1.redhat_00003.1.el8sso - 15.0.6-1.redhat_00002.1.el8sso

Red Hat Single Sign-On: 7.5.0 - 7.5.2

External links

http://access.redhat.com/errata/RHSA-2022:6783


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Stored cross-site scripting

EUVDB-ID: #VU67933

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2256

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when handling roles functionality in the admin console. The vulnerability allows a privileged user to inject and execute arbitrary HTML and JavaScript code in victim's browser.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-sso7-keycloak (Red Hat package): 15.0.4-1.redhat_00003.1.el8sso - 15.0.6-1.redhat_00002.1.el8sso

Red Hat Single Sign-On: 7.5.0 - 7.5.2

External links

http://access.redhat.com/errata/RHSA-2022:6783


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU67935

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2668

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to application allows to upload an arbitrary JavaScript for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. A remote user can upload a potentially dangerous file and perform XSS attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-sso7-keycloak (Red Hat package): 15.0.4-1.redhat_00003.1.el8sso - 15.0.6-1.redhat_00002.1.el8sso

Red Hat Single Sign-On: 7.5.0 - 7.5.2

External links

http://access.redhat.com/errata/RHSA-2022:6783


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###