#VU97621 Improper verification of cryptographic signature in Keycloak - CVE-2024-8698
Published: September 20, 2024 / Updated: October 14, 2024
Vulnerability identifier: #VU97621
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2024-8698
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Keycloak
Keycloak
Software vendor:
Keycloak
Keycloak
Description
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to improper validation of SAML signature within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. A remote user can create crafted responses that bypass the validation, potentially leading to privilege escalation or impersonation attacks.
Remediation
Install updates from vendor's website.
External links
- https://bugzilla.redhat.com/show_bug.cgi?id=2311641
- https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
- https://github.com/advisories/GHSA-4xx7-2cx3-x473
- https://github.com/keycloak/keycloak/releases/tag/25.0.6
- https://github.com/keycloak/keycloak/security/advisories/GHSA-xgfv-xpx8-qhcr