CVE-2024-0560

Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions

Severity Score

6.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.

Se encontró una vulnerabilidad en 3Scale, cuando se usa con Keycloak 15 (o RHSSO 7.5.0) y superiores. Cuando auth_type es use_3scale_oidc_issuer_endpoint, la política de Token Introspection descubre el endpoint de Token Introspection desde el campo token_introspection_endpoint, pero el campo se eliminó en RH-SSO 7.5. Como resultado, la política no inspecciona los tokens, sino que determina que todos los tokens son válidos.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-01-15 CVE Reserved
2024-02-28 CVE Published
2025-02-07 CVE Updated
2025-03-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-280: Improper Handling of Insufficient Permissions or Privileges

CAPEC

References (3)

URL	Tag	Source
https://access.redhat.com/security/cve/CVE-2024-0560	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2258456	Issue Tracking
https://github.com/3scale/APIcast/pull/1438

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		3scale Search vendor "Redhat" for product "3scale"				*		-		Affected
Redhat Search vendor "Redhat"		Red Hat 3scale Amp Search vendor "Redhat" for product "Red Hat 3scale Amp"				*		-		Affected