CVE-2018-14655 – keycloak: XSS-Vulnerability with response_mode=form_post
https://notcve.org/view.php?id=CVE-2018-14655
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login. Se ha descubierto un error en Keycloak 3.4.3.Final, 4.0.0.Beta2 y 4.3.0.Final. Al emplear "response_mode=form_post", es posible inyectar código JavaScript arbitrario mediante el parámetro "state" en la URL de autenticación. • https://access.redhat.com/errata/RHSA-2018:3592 https://access.redhat.com/errata/RHSA-2018:3593 https://access.redhat.com/errata/RHSA-2018:3595 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655 https://access.redhat.com/security/cve/CVE-2018-14655 https://bugzilla.redhat.com/show_bug.cgi?id=1625396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-10894 – keycloak: auth permitted with expired certs in SAML client
https://notcve.org/view.php?id=CVE-2018-10894
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks. Se ha descubierto que la autenticación SAML en Keycloak 3.4.3.Final autenticaba incorrectamente los certificados caducados. Un usuario malicioso podría aprovecharse de esto para acceder a datos no autorizados o, posiblemente, llevar a cabo más ataques. • https://access.redhat.com/errata/RHSA-2018:3592 https://access.redhat.com/errata/RHSA-2018:3593 https://access.redhat.com/errata/RHSA-2018:3595 https://access.redhat.com/errata/RHSA-2019:0877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894 https://access.redhat.com/security/cve/CVE-2018-10894 https://bugzilla.redhat.com/show_bug.cgi?id=1599434 • CWE-295: Improper Certificate Validation CWE-345: Insufficient Verification of Data Authenticity •
CVE-2018-10912 – keycloak: infinite loop in session replacement leading to denial of service
https://notcve.org/view.php?id=CVE-2018-10912
keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server. keycloak en versiones anteriores a la 4.0.0.final es vulnerable a un bucle infinito en el reemplazo de sesiones. Un clúster de Keycloak con múltiples nodos podría gestionar erróneamente un reemplazo de sesión erróneo y conducir a un bucle infinito. Un usuario autenticado malicioso podría emplear este error para lograr una denegación de servicio (DoS) en el servidor. • https://access.redhat.com/errata/RHSA-2018:2428 https://access.redhat.com/errata/RHSA-2019:0877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10912 https://access.redhat.com/security/cve/CVE-2018-10912 https://bugzilla.redhat.com/show_bug.cgi?id=1607624 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-2585 – keycloak: timing attack in JWS signature verification
https://notcve.org/view.php?id=CVE-2017-2585
Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks. Red Hat Keycloak, en versiones anteriores a la 2.5.1, tiene una implementación de la verificación HMAC para los tokens JWS que emplea un método que se ejecuta en tiempo no constante, lo que podría hacer que la aplicación sea vulnerable a ataques de sincronización. It was found that keycloak's implementation of HMAC verification for JWS tokens uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks. • http://rhn.redhat.com/errata/RHSA-2017-0876.html http://www.securityfocus.com/bid/97393 http://www.securitytracker.com/id/1038180 https://access.redhat.com/errata/RHSA-2017:0872 https://access.redhat.com/errata/RHSA-2017:0873 https://bugzilla.redhat.com/show_bug.cgi?id=1412376 https://access.redhat.com/security/cve/CVE-2017-2585 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •
CVE-2016-8629 – keycloak: user deletion via incorrect permissions check
https://notcve.org/view.php?id=CVE-2016-8629
Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm. Red Hat Keycloak, en versiones anteriores a la 2.4.0, no comprobaba correctamente los permisos al gestionar peticiones de eliminación de usuario de cuenta de servicio enviadas al servidor REST. Un atacante con autenticación de cuenta de servicio podría aprovechar este fallo para omitir permisos normales y eliminar usuarios en un realm separado. It was found that keycloak did not correctly check permissions when handling service account user deletion requests sent to the rest server. • http://rhn.redhat.com/errata/RHSA-2017-0876.html http://www.securityfocus.com/bid/97392 http://www.securitytracker.com/id/1038180 https://access.redhat.com/errata/RHSA-2017:0872 https://access.redhat.com/errata/RHSA-2017:0873 https://bugzilla.redhat.com/show_bug.cgi?id=1388988 https://access.redhat.com/security/cve/CVE-2016-8629 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •