Improper verification of cryptographic signature in Keycloak - CVE-2024-8698
Published: September 20, 2024 / Updated: October 14, 2024
Vulnerability identifier: #VU97621
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2024-8698
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Keycloak
Affected software:
Keycloak
Keycloak
Detailed vulnerability description
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to improper validation of SAML signature within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. A remote user can create crafted responses that bypass the validation, potentially leading to privilege escalation or impersonation attacks.
How to mitigate CVE-2024-8698
Install updates from vendor's website.
Sources
- https://bugzilla.redhat.com/show_bug.cgi?id=2311641
- https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
- https://github.com/advisories/GHSA-4xx7-2cx3-x473
- https://github.com/keycloak/keycloak/releases/tag/25.0.6
- https://github.com/keycloak/keycloak/security/advisories/GHSA-xgfv-xpx8-qhcr