CVE-2024-8698
Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak
Severity Score
7.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
New images with security impact Important are available for Red Hat build of Keycloak 22.0.13 and Red Hat build of Keycloak 22.0.13 Operator, running on OpenShift Container Platform. Issues addressed include a privilege escalation vulnerability.
*Credits:
Red Hat would like to thank Tanner Emek for reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-09-11 CVE Reserved
- 2024-09-19 CVE Published
- 2024-10-10 First Exploit
- 2024-12-13 CVE Updated
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (16)
| URL | Date | SRC |
|---|---|---|
| https://github.com/huydoppaz/CVE-2024-8698-POC | 2024-10-10 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-8698 | 2024-09-19 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2311641 | 2024-09-19 | |
| https://access.redhat.com/errata/RHSA-2024:6878 | 2024-12-13 | |
| https://access.redhat.com/errata/RHSA-2024:6879 | 2024-12-13 | |
| https://access.redhat.com/errata/RHSA-2024:6880 | 2024-12-13 | |
| https://access.redhat.com/errata/RHSA-2024:6882 | 2024-12-13 | |
| https://access.redhat.com/errata/RHSA-2024:6886 | 2024-12-13 | |
| https://access.redhat.com/errata/RHSA-2024:6887 | 2024-12-13 | |
| https://access.redhat.com/errata/RHSA-2024:6888 | 2024-12-13 | |
| https://access.redhat.com/errata/RHSA-2024:6889 | 2024-12-13 | |
| https://access.redhat.com/errata/RHSA-2024:6890 | 2024-12-13 | |
| https://access.redhat.com/errata/RHSA-2024:8823 | 2024-12-13 | |
| https://access.redhat.com/errata/RHSA-2024:8824 | 2024-12-13 | |
| https://access.redhat.com/errata/RHSA-2024:8826 | 2024-12-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Build Keycloak Search vendor "Redhat" for product "Build Keycloak" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Build Of Keycloak Search vendor "Redhat" for product "Build Of Keycloak" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Red Hat Single Sign On Search vendor "Redhat" for product "Red Hat Single Sign On" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhosemc Search vendor "Redhat" for product "Rhosemc" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||