Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to redhat - build_of_keycloak

cve-2024-7318

Vulnerability from cvelistv5

Published

2024-09-09 18:50

Modified

2025-01-02 14:20

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2024:6502	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6503	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7318	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2301876	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Version: 0 ≤
Version: 25.0.0 ≤

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.7-4 < * cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 < * cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 < * cpe:/a:redhat:build_keycloak:24::el9

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-7318",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-09T19:08:16.666351Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-09T19:08:33.567Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://github.com/keycloak/keycloak",
               defaultStatus: "unaffected",
               packageName: "keycloak-core",
               versions: [
                  {
                     lessThan: "24.0.7",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "25.0.4",
                     status: "affected",
                     version: "25.0.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24",
               ],
               defaultStatus: "unaffected",
               packageName: "keycloak-core",
               product: "Red Hat Build of Keycloak",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-operator-bundle",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24.0.7-4",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24-16",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9-operator",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24-16",
                     versionType: "rpm",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "This issue was discovered by Todd Cullum (Red Hat).",
            },
         ],
         datePublic: "2024-09-09T13:55:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.\r\nA one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Low",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-324",
                     description: "Use of a Key Past its Expiration Date",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-02T14:20:08.304Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2024:6502",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6502",
            },
            {
               name: "RHSA-2024:6503",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6503",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-7318",
            },
            {
               name: "RHBZ#2301876",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2301876",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-07-31T03:04:38+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-09-09T13:55:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity",
         x_redhatCweChain: "CWE-324: Use of a Key Past its Expiration Date",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-7318",
      datePublished: "2024-09-09T18:50:36.583Z",
      dateReserved: "2024-07-31T03:04:15.355Z",
      dateUpdated: "2025-01-02T14:20:08.304Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-10234

Vulnerability from cvelistv5

Published

2024-10-22 13:17

Modified

2025-03-03 15:02

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Summary

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2025:2025	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:2026	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:2029	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-10234	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2320848	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Version: 35.0.0 ≤

Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.3-1.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.6.6-5.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.6.0-2.GA_redhat_00002.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.0.13-2.redhat_5.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.214-2.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.6.23-1.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.0.6-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.8.0-2.redhat_00002.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-3.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.0-3.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-4.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.2-2.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.1-2.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-2.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.1.0-3.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.13-2.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.4.0-2.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.6.1-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.0-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.1-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.0-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.19-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.5.1-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.4-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.0-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.4.0-3.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.0-3.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.3.0-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:5.1.0-1.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:7.3.1-1.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:5.0.0-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.0.0-2.redhat_8.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.9.0-2.redhat_00002.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.0.1-2.Final_redhat_3.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.2.21-2.redhat_00001.2.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.4.0-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.6-5.GA_redhat_00004.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.6.0-4.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.4.0-3.redhat_00003.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.2.0-3.redhat_12.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.3-1.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.6.6-5.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.6.0-2.GA_redhat_00002.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.0.13-2.redhat_5.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.214-2.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.6.23-1.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.0.6-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.8.0-2.redhat_00002.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-3.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.0-3.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-4.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.2-2.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.1-2.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-2.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.1.0-3.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.13-2.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.4.0-2.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.6.1-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.0-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.1-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.0-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.19-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.5.1-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.4-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.0-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.4.0-3.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.0-3.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.3.0-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:5.1.0-1.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:7.3.1-1.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:5.0.0-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.0.0-2.redhat_8.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.9.0-2.redhat_00002.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.0.1-2.Final_redhat_3.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.2.21-2.redhat_00001.2.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.4.0-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.6-5.GA_redhat_00004.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.6.0-4.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.4.0-3.redhat_00003.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.2.0-3.redhat_12.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat JBoss Data Grid 7	cpe:/a:redhat:jboss_data_grid:7
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-10234",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-22T17:41:01.307691Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-22T17:41:14.160Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://github.com/wildfly/wildfly",
               defaultStatus: "unaffected",
               packageName: "wildfly",
               versions: [
                  {
                     lessThan: "35.0.0",
                     status: "affected",
                     version: "35.0.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0",
               ],
               defaultStatus: "unaffected",
               packageName: "org.wildfly.core/wildfly-core-management-subsystem",
               product: "Red Hat JBoss Enterprise Application Platform 8",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-artemis-wildfly-integration",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.3-1.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-azure-storage",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.6.6-5.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-eap-product-conf-parent",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:800.6.0-2.GA_redhat_00002.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-gnu-getopt",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.0.13-2.redhat_5.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-h2database",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.1.214-2.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-hal-console",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.6.23-1.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-hibernate-commons-annotations",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:6.0.6-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jackson-coreutils",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.8.0-2.redhat_00002.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-authentication-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.0-3.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-authorization-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.1.0-3.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-enterprise-concurrent",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.0-4.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-enterprise-concurrent-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.2-2.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-enterprise-lang-model",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:4.0.1-2.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-security-enterprise-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.0-2.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-servlet-jsp-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.1.0-3.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-javaewah",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.1.13-2.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-aesh",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.4.0-2.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-common-beans",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.1-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-dmr",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.6.1-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-ejb3-ext-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.3.0-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-el-api_5.0_spec",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:4.0.1-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-genericjms",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.0-3.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-iiop-client",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.1-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-invocation",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.0-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-logmanager",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.1.19-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-msc",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.5.1-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-remoting-jmx",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.4-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-stdio",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.1.0-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-threads",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.4.0-3.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-transaction-spi",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.0-3.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-vfs",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.3.0-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jbossws-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.0-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jbossws-common",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:5.1.0-1.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jbossws-cxf",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:7.3.1-1.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jbossws-spi",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:5.0.0-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jcip-annotations",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.0.0-2.redhat_8.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-json-patch",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.9.0-2.redhat_00002.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jul-to-slf4j-stub",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.0.1-2.Final_redhat_3.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-reactivex-rxjava2",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.2.21-2.redhat_00001.2.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-slf4j-jboss-logmanager",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.1-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-staxmapper",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.4.0-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-wildfly",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.6-5.GA_redhat_00004.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-wildfly-common",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.6.0-4.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-woodstox-core",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:6.4.0-3.redhat_00003.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-xml-commons-resolver",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.2.0-3.redhat_12.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-artemis-wildfly-integration",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.3-1.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-azure-storage",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.6.6-5.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-eap-product-conf-parent",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:800.6.0-2.GA_redhat_00002.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-gnu-getopt",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.0.13-2.redhat_5.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-h2database",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.1.214-2.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-hal-console",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.6.23-1.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-hibernate-commons-annotations",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:6.0.6-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jackson-coreutils",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.8.0-2.redhat_00002.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-authentication-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.0-3.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-authorization-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.1.0-3.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-enterprise-concurrent",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.0-4.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-enterprise-concurrent-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.2-2.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-enterprise-lang-model",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:4.0.1-2.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-security-enterprise-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.0-2.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-servlet-jsp-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.1.0-3.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-javaewah",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.1.13-2.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-aesh",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.4.0-2.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-common-beans",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.1-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-dmr",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.6.1-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-ejb3-ext-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.3.0-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-el-api_5.0_spec",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:4.0.1-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-genericjms",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.0-3.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-iiop-client",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.1-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-invocation",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.0-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-logmanager",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.1.19-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-msc",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.5.1-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-remoting-jmx",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.4-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-stdio",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.1.0-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-threads",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.4.0-3.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-transaction-spi",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.0-3.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-vfs",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.3.0-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jbossws-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.0-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jbossws-common",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:5.1.0-1.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jbossws-cxf",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:7.3.1-1.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jbossws-spi",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:5.0.0-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jcip-annotations",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.0.0-2.redhat_8.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-json-patch",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.9.0-2.redhat_00002.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jul-to-slf4j-stub",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.0.1-2.Final_redhat_3.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-reactivex-rxjava2",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.2.21-2.redhat_00001.2.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-slf4j-jboss-logmanager",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.1-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-staxmapper",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.4.0-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-wildfly",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.6-5.GA_redhat_00004.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-wildfly-common",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.6.0-4.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-woodstox-core",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:6.4.0-3.redhat_00003.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-xml-commons-resolver",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.2.0-3.redhat_12.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:",
               ],
               defaultStatus: "affected",
               packageName: "org.wildfly.core/wildfly-core-management-subsystem",
               product: "Red Hat Build of Keycloak",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_fuse:7",
               ],
               defaultStatus: "unknown",
               packageName: "org.wildfly.core/wildfly-core-management-subsystem",
               product: "Red Hat Fuse 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
               cpes: [
                  "cpe:/a:redhat:jboss_data_grid:7",
               ],
               defaultStatus: "unknown",
               packageName: "org.wildfly.core/wildfly-core-management-subsystem",
               product: "Red Hat JBoss Data Grid 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7",
               ],
               defaultStatus: "unknown",
               packageName: "org.wildfly.core/wildfly-core-management-subsystem",
               product: "Red Hat JBoss Enterprise Application Platform 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
               cpes: [
                  "cpe:/a:redhat:jbosseapxp",
               ],
               defaultStatus: "unaffected",
               packageName: "org.wildfly.core/wildfly-core-management-subsystem",
               product: "Red Hat JBoss Enterprise Application Platform Expansion Pack",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7",
               ],
               defaultStatus: "unknown",
               packageName: "org.wildfly.core/wildfly-core-management-client",
               product: "Red Hat Single Sign-On 7",
               vendor: "Red Hat",
            },
         ],
         datePublic: "2024-10-22T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Moderate",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-03T15:02:14.937Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2025:2025",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2025:2025",
            },
            {
               name: "RHSA-2025:2026",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2025:2026",
            },
            {
               name: "RHSA-2025:2029",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2025:2029",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-10234",
            },
            {
               name: "RHBZ#2320848",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2320848",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-10-22T01:46:48.739000+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-10-22T00:00:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Wildfly: wildfly vulnerable to cross-site scripting (xss)",
         x_redhatCweChain: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-10234",
      datePublished: "2024-10-22T13:17:57.891Z",
      dateReserved: "2024-10-22T01:50:57.793Z",
      dateUpdated: "2025-03-03T15:02:14.937Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-4629

Vulnerability from cvelistv5

Published

2024-09-03 19:42

Modified

2025-01-28 09:33

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2024:6493	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6494	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6495	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6497	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6499	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6500	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6501	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-4629	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2276761	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Version: 24.0.3

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.12-1 < * cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-17 < * cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-20 < * cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso < * cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso < * cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso < * cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-52 < * cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-4629",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-03T20:20:28.329028Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-03T20:20:42.938Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-11-14T16:59:26.284Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/",
               },
               {
                  url: "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-09-Keycloak.md",
               },
            ],
            title: "CVE Program Container",
            x_generator: {
               engine: "ADPogram 0.0.1",
            },
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://github.com/keycloak/keycloak",
               packageName: "keycloak",
               versions: [
                  {
                     status: "affected",
                     version: "24.0.3",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22",
               ],
               defaultStatus: "unaffected",
               packageName: "org.keycloak-keycloak-parent",
               product: "Red Hat Build of Keycloak",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-operator-bundle",
               product: "Red Hat build of Keycloak 22",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "22.0.12-1",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9",
               product: "Red Hat build of Keycloak 22",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "22-17",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9-operator",
               product: "Red Hat build of Keycloak 22",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "22-20",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6",
               ],
               defaultStatus: "unaffected",
               packageName: "org.keycloak-keycloak-parent",
               product: "Red Hat Single Sign-On 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso7-keycloak",
               product: "Red Hat Single Sign-On 7.6 for RHEL 7",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:18.0.16-1.redhat_00001.1.el7sso",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso7-keycloak",
               product: "Red Hat Single Sign-On 7.6 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:18.0.16-1.redhat_00001.1.el8sso",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso7-keycloak",
               product: "Red Hat Single Sign-On 7.6 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:18.0.16-1.redhat_00001.1.el9sso",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:rhosemc:1.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso-7/sso76-openshift-rhel8",
               product: "RHEL-8 based Middleware Containers",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "7.6-52",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8",
               ],
               defaultStatus: "affected",
               packageName: "org.keycloak-keycloak-parent",
               product: "Red Hat JBoss Enterprise Application Platform 8",
               vendor: "Red Hat",
            },
         ],
         datePublic: "2024-09-03T19:38:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Low",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-837",
                     description: "Improper Enforcement of a Single, Unique Action",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-28T09:33:25.316Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2024:6493",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6493",
            },
            {
               name: "RHSA-2024:6494",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6494",
            },
            {
               name: "RHSA-2024:6495",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6495",
            },
            {
               name: "RHSA-2024:6497",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6497",
            },
            {
               name: "RHSA-2024:6499",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6499",
            },
            {
               name: "RHSA-2024:6500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6500",
            },
            {
               name: "RHSA-2024:6501",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6501",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-4629",
            },
            {
               name: "RHBZ#2276761",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2276761",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-04-23T00:00:00+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-09-03T19:38:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Keycloak: potential bypass of brute force protection",
         workarounds: [
            {
               lang: "en",
               value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            },
         ],
         x_redhatCweChain: "CWE-837: Improper Enforcement of a Single, Unique Action",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-4629",
      datePublished: "2024-09-03T19:42:01.318Z",
      dateReserved: "2024-05-07T20:47:03.184Z",
      dateUpdated: "2025-01-28T09:33:25.316Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-8883

Vulnerability from cvelistv5

Published

2024-09-19 15:48

Modified

2024-12-24 03:24

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2024:10385	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:10386	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6878	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6879	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6880	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6882	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6886	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6887	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6888	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6889	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6890	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8823	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8824	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8826	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-8883	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2312511	issue-tracking, x_refsource_REDHAT
	https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java

Impacted products

Vendor

Product

Version

▼

Version: 0   ≤
Version: 23.0.0   ≤
Version: 25.0.0   ≤

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.13-1 < * cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-18 < * cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-21 < * cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.8-1 < * cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-17 < * cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-17 < * cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.4.1-1.GA_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.4-3.GA_redhat_00007.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.33.0-1.redhat_00015.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 1:2.0.0-2.redhat_00005.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.8.0-2.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.2.0-2.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.16.1-2.redhat_00007.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.2.2-28.redhat_2.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.15.1-1.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.14.0-2.redhat_00006.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.5-1.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 1:2.0.0-2.redhat_00005.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-1.redhat_00002.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:0.1.0-2.redhat_00010.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.12.284-2.redhat_00002.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.2.5-2.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.4.0-1.GA_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.0-4.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.2.31-1.Final_redhat_00002.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.1-3.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:0.8.1-2.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.3-1.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.1-1.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.3-1.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.5.3-1.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.2-1.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:5.3.10-1.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.22.1-1.redhat_00002.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.0.3-1.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:9.37.3-1.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:9.6.0-1.redhat_00002.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.0-1.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.1-2.Final_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.4-1.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.0-6.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.16-1.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.2.0-1.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.4-2.GA_redhat_00005.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.4.1-1.GA_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.4-3.GA_redhat_00007.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.33.0-1.redhat_00015.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 1:2.0.0-2.redhat_00005.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.8.0-2.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.2.0-2.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.16.1-2.redhat_00007.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.2.2-28.redhat_2.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.15.1-1.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.14.0-2.redhat_00006.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.5-1.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 1:2.0.0-2.redhat_00005.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-1.redhat_00002.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:0.1.0-2.redhat_00010.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.12.284-2.redhat_00002.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.2.5-2.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.4.0-1.GA_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.0-4.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.2.31-1.Final_redhat_00002.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.1-3.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:0.8.1-2.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.3-1.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.1-1.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.3-1.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.5.3-1.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.2-1.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:5.3.10-1.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.22.1-1.redhat_00002.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.0.3-1.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:9.37.3-1.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:9.6.0-1.redhat_00002.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.0-1.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.1-2.Final_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.4-1.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.0-6.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.16-1.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.2.0-1.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.4-2.GA_redhat_00005.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.18-1.redhat_00001.1.el7sso < * cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.18-1.redhat_00001.1.el8sso < * cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.18-1.redhat_00001.1.el9sso < * cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-54 < * cpe:/a:redhat:rhosemc:1.0::el8

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-8883",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-19T17:28:37.383842Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-19T17:56:50.064Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://github.com/keycloak/keycloak",
               defaultStatus: "unaffected",
               packageName: "keycloak-services",
               versions: [
                  {
                     lessThan: "22.0.12",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "24.0.7",
                     status: "affected",
                     version: "23.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "25.0.5",
                     status: "affected",
                     version: "25.0.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22",
               ],
               defaultStatus: "unaffected",
               packageName: "org.keycloak/keycloak-services",
               product: "Red Hat Build of Keycloak",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24",
               ],
               defaultStatus: "unaffected",
               packageName: "org.keycloak/keycloak-services",
               product: "Red Hat Build of Keycloak",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-operator-bundle",
               product: "Red Hat build of Keycloak 22",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "22.0.13-1",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9",
               product: "Red Hat build of Keycloak 22",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "22-18",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9-operator",
               product: "Red Hat build of Keycloak 22",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "22-21",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-operator-bundle",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24.0.8-1",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24-17",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9-operator",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24-17",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0",
               ],
               defaultStatus: "unaffected",
               packageName: "org.keycloak/keycloak-services",
               product: "Red Hat JBoss Enterprise Application Platform 8",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0",
               ],
               defaultStatus: "unaffected",
               packageName: "org.keycloak/keycloak-services",
               product: "Red Hat JBoss Enterprise Application Platform 8",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-eap-product-conf-parent",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:800.4.1-1.GA_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-wildfly",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.4-3.GA_redhat_00007.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-activemq-artemis",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.33.0-1.redhat_00015.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-activemq-artemis-native",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "1:2.0.0-2.redhat_00005.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-aesh-extensions",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.8.0-2.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-aesh-readline",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.2.0-2.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-apache-commons-codec",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.16.1-2.redhat_00007.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-apache-commons-collections",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.2.2-28.redhat_2.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-apache-commons-io",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.15.1-1.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-apache-commons-lang",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.14.0-2.redhat_00006.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-apache-cxf",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:4.0.5-1.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-artemis-native",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "1:2.0.0-2.redhat_00005.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-artemis-wildfly-integration",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.1-1.redhat_00002.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-asyncutil",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:0.1.0-2.redhat_00010.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-aws-java-sdk",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.12.284-2.redhat_00002.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-cryptacular",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.2.5-2.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-eap-product-conf-parent",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:800.4.0-1.GA_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-fastinfoset",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.1.0-4.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-hibernate",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:6.2.31-1.Final_redhat_00002.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-hibernate-validator",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.1-3.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-hppc",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:0.8.1-2.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-insights-java-client",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.1.3-1.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-servlet-jsp-jstl-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.1-1.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-cert-helper",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.1.3-1.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-logging",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.5.3-1.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jctools",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:4.0.2-1.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jgroups",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:5.3.10-1.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-log4j",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.22.1-1.redhat_00002.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-narayana",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:6.0.3-1.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-nimbus-jose-jwt",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:9.37.3-1.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-objectweb-asm",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:9.6.0-1.redhat_00002.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-pem-keystore",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.3.0-1.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-resteasy-extensions",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.1-3.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-resteasy-spring",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.1-2.Final_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-saaj-impl",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.4-1.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-shibboleth-java-support",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.0-6.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-slf4j",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.16-1.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-snakeyaml",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.2.0-1.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "eap8-wildfly",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.4-2.GA_redhat_00005.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-eap-product-conf-parent",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:800.4.1-1.GA_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-wildfly",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.4-3.GA_redhat_00007.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-activemq-artemis",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.33.0-1.redhat_00015.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-activemq-artemis-native",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "1:2.0.0-2.redhat_00005.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-aesh-extensions",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.8.0-2.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-aesh-readline",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.2.0-2.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-apache-commons-codec",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.16.1-2.redhat_00007.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-apache-commons-collections",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.2.2-28.redhat_2.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-apache-commons-io",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.15.1-1.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-apache-commons-lang",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.14.0-2.redhat_00006.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-apache-cxf",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:4.0.5-1.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-artemis-native",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "1:2.0.0-2.redhat_00005.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-artemis-wildfly-integration",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.1-1.redhat_00002.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-asyncutil",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:0.1.0-2.redhat_00010.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-aws-java-sdk",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.12.284-2.redhat_00002.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-cryptacular",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.2.5-2.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-eap-product-conf-parent",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:800.4.0-1.GA_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-fastinfoset",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.1.0-4.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-hibernate",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:6.2.31-1.Final_redhat_00002.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-hibernate-validator",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.1-3.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-hppc",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:0.8.1-2.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-insights-java-client",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.1.3-1.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jakarta-servlet-jsp-jstl-api",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.1-1.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-cert-helper",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.1.3-1.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jboss-logging",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.5.3-1.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jctools",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:4.0.2-1.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-jgroups",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:5.3.10-1.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-log4j",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.22.1-1.redhat_00002.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-narayana",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:6.0.3-1.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-nimbus-jose-jwt",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:9.37.3-1.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-objectweb-asm",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:9.6.0-1.redhat_00002.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-pem-keystore",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.3.0-1.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-resteasy-extensions",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.1-3.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-resteasy-spring",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.1-2.Final_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-saaj-impl",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.0.4-1.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-shibboleth-java-support",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.0-6.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-slf4j",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.0.16-1.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-snakeyaml",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.2.0-1.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-wildfly",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.4-2.GA_redhat_00005.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6",
               ],
               defaultStatus: "unaffected",
               packageName: "org.keycloak/keycloak-services",
               product: "Red Hat Single Sign-On 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso7-keycloak",
               product: "Red Hat Single Sign-On 7.6 for RHEL 7",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:18.0.18-1.redhat_00001.1.el7sso",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso7-keycloak",
               product: "Red Hat Single Sign-On 7.6 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:18.0.18-1.redhat_00001.1.el8sso",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso7-keycloak",
               product: "Red Hat Single Sign-On 7.6 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:18.0.18-1.redhat_00001.1.el9sso",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:rhosemc:1.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso-7/sso76-openshift-rhel8",
               product: "RHEL-8 based Middleware Containers",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "7.6-54",
                     versionType: "rpm",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue.",
            },
         ],
         datePublic: "2024-09-19T15:13:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Moderate",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-601",
                     description: "URL Redirection to Untrusted Site ('Open Redirect')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-12-24T03:24:20.750Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2024:10385",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:10385",
            },
            {
               name: "RHSA-2024:10386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:10386",
            },
            {
               name: "RHSA-2024:6878",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6878",
            },
            {
               name: "RHSA-2024:6879",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6879",
            },
            {
               name: "RHSA-2024:6880",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6880",
            },
            {
               name: "RHSA-2024:6882",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6882",
            },
            {
               name: "RHSA-2024:6886",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6886",
            },
            {
               name: "RHSA-2024:6887",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6887",
            },
            {
               name: "RHSA-2024:6888",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6888",
            },
            {
               name: "RHSA-2024:6889",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6889",
            },
            {
               name: "RHSA-2024:6890",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6890",
            },
            {
               name: "RHSA-2024:8823",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:8823",
            },
            {
               name: "RHSA-2024:8824",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:8824",
            },
            {
               name: "RHSA-2024:8826",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:8826",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-8883",
            },
            {
               name: "RHBZ#2312511",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312511",
            },
            {
               url: "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-09-16T06:17:01.573000+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-09-19T15:13:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Keycloak: vulnerable redirect uri validation results in open redirec",
         workarounds: [
            {
               lang: "en",
               value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            },
         ],
         x_redhatCweChain: "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-8883",
      datePublished: "2024-09-19T15:48:28.468Z",
      dateReserved: "2024-09-16T06:45:30.550Z",
      dateUpdated: "2024-12-24T03:24:20.750Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-7260

Vulnerability from cvelistv5

Published

2024-09-09 18:49

Modified

2025-01-02 14:19

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2024:6502	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6503	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7260	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2301875	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Version: 0 ≤

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.7-4 < * cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 < * cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 < * cpe:/a:redhat:build_keycloak:24::el9

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-7260",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-09T19:13:21.486531Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-09T19:13:53.628Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://github.com/keycloak/keycloak",
               defaultStatus: "unaffected",
               packageName: "keycloak",
               versions: [
                  {
                     lessThan: "24.0.7",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24",
               ],
               defaultStatus: "unaffected",
               packageName: "keycloak-core",
               product: "Red Hat Build of Keycloak",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-operator-bundle",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24.0.7-4",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24-16",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9-operator",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24-16",
                     versionType: "rpm",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "This issue was discovered by Todd Cullum (Red Hat).",
            },
         ],
         datePublic: "2024-09-09T13:55:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Moderate",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-601",
                     description: "URL Redirection to Untrusted Site ('Open Redirect')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-02T14:19:31.238Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2024:6502",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6502",
            },
            {
               name: "RHSA-2024:6503",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6503",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-7260",
            },
            {
               name: "RHBZ#2301875",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2301875",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-07-31T02:53:42+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-09-09T13:55:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Keycloak-core: open redirect on account page",
         x_redhatCweChain: "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-7260",
      datePublished: "2024-09-09T18:49:59.437Z",
      dateReserved: "2024-07-30T02:24:02.197Z",
      dateUpdated: "2025-01-02T14:19:31.238Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-7885

Vulnerability from cvelistv5

Published

2024-08-21 14:13

Modified

2025-03-03 14:18

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2024:11023	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6508	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6883	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7441	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7442	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7735	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7736	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7885	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2305290	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Version: 0 < 2.2.36.Final
Version: 2.3.0.Alpha1 < 2.3.17.Final

Red Hat	HawtIO 4.0.0 for Red Hat build of Apache Camel 4	cpe:/a:redhat:rhboac_hawtio:4.0.0
Red Hat	Red Hat build of Apache Camel 3.20.7 for Spring Boot	cpe:/a:redhat:apache_camel_spring_boot:3.20.7
Red Hat	Red Hat build of Apache Camel 4.4.2 for Spring Boot	cpe:/a:redhat:apache_camel_spring_boot:4.4.2
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el7eap < * cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el7eap < * cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.11.9-2.redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.3.1-2.GA_redhat_00002.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.14-2.SP2_redhat_00001.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.3-13.GA_redhat_00007.1.el8eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.11.9-2.redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.3.1-2.GA_redhat_00002.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.14-2.SP2_redhat_00001.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.3-13.GA_redhat_00007.1.el9eap < * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat build of Apache Camel for Spring Boot 3	cpe:/a:redhat:camel_spring_boot:3
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:
Red Hat	Red Hat build of Quarkus	cpe:/a:redhat:quarkus:3
Red Hat	Red Hat Data Grid 8	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat Integration Camel K 1	cpe:/a:redhat:integration:1
Red Hat	Red Hat JBoss Data Grid 7	cpe:/a:redhat:jboss_data_grid:7
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-7885",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-21T15:21:22.416004Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-21T15:21:42.735Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-10-11T22:03:18.905Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://security.netapp.com/advisory/ntap-20241011-0004/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://github.com/undertow-io/undertow",
               defaultStatus: "unaffected",
               packageName: "undertow",
               versions: [
                  {
                     lessThan: "2.2.36.Final",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "2.3.17.Final",
                     status: "affected",
                     version: "2.3.0.Alpha1",
                     versionType: "custom",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:rhboac_hawtio:4.0.0",
               ],
               defaultStatus: "unaffected",
               packageName: "undertow",
               product: "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:apache_camel_spring_boot:3.20.7",
               ],
               defaultStatus: "unaffected",
               packageName: "undertow",
               product: "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:apache_camel_spring_boot:4.4.2",
               ],
               defaultStatus: "unaffected",
               packageName: "undertow",
               product: "Red Hat build of Apache Camel 4.4.2 for Spring Boot",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4",
               ],
               defaultStatus: "unaffected",
               product: "Red Hat JBoss Enterprise Application Platform 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
               ],
               defaultStatus: "affected",
               packageName: "eap7-undertow",
               product: "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.2.33-2.SP2_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
               ],
               defaultStatus: "affected",
               packageName: "eap7-wildfly",
               product: "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:7.4.18-1.GA_redhat_00003.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
               ],
               defaultStatus: "affected",
               packageName: "eap7-undertow",
               product: "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.2.33-2.SP2_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
               ],
               defaultStatus: "affected",
               packageName: "eap7-wildfly",
               product: "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:7.4.18-1.GA_redhat_00003.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
               ],
               defaultStatus: "affected",
               packageName: "eap7-undertow",
               product: "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.2.33-2.SP2_redhat_00001.1.el7eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
               ],
               defaultStatus: "affected",
               packageName: "eap7-wildfly",
               product: "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:7.4.18-1.GA_redhat_00003.1.el7eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0",
               ],
               defaultStatus: "unaffected",
               packageName: "undertow",
               product: "Red Hat JBoss Enterprise Application Platform 8",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-amazon-ion-java",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.11.9-2.redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-eap-product-conf-parent",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:800.3.1-2.GA_redhat_00002.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-undertow",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.3.14-2.SP2_redhat_00001.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-wildfly",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.3-13.GA_redhat_00007.1.el8eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-amazon-ion-java",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.11.9-2.redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-eap-product-conf-parent",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:800.3.1-2.GA_redhat_00002.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-undertow",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:2.3.14-2.SP2_redhat_00001.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
               ],
               defaultStatus: "affected",
               packageName: "eap8-wildfly",
               product: "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:8.0.3-13.GA_redhat_00007.1.el9eap",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:camel_spring_boot:3",
               ],
               defaultStatus: "affected",
               packageName: "undertow",
               product: "Red Hat build of Apache Camel for Spring Boot 3",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:",
               ],
               defaultStatus: "affected",
               packageName: "undertow",
               product: "Red Hat Build of Keycloak",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:quarkus:3",
               ],
               defaultStatus: "unaffected",
               packageName: "io.quarkus/quarkus-undertow",
               product: "Red Hat build of Quarkus",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_data_grid:8",
               ],
               defaultStatus: "affected",
               packageName: "undertow",
               product: "Red Hat Data Grid 8",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_fuse:7",
               ],
               defaultStatus: "affected",
               packageName: "undertow",
               product: "Red Hat Fuse 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:integration:1",
               ],
               defaultStatus: "affected",
               packageName: "undertow",
               product: "Red Hat Integration Camel K 1",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
               cpes: [
                  "cpe:/a:redhat:jboss_data_grid:7",
               ],
               defaultStatus: "unknown",
               packageName: "undertow",
               product: "Red Hat JBoss Data Grid 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
               cpes: [
                  "cpe:/a:redhat:jbosseapxp",
               ],
               defaultStatus: "unaffected",
               packageName: "undertow",
               product: "Red Hat JBoss Enterprise Application Platform Expansion Pack",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_bpms_platform:7",
               ],
               defaultStatus: "unknown",
               packageName: "undertow",
               product: "Red Hat Process Automation 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7",
               ],
               defaultStatus: "affected",
               packageName: "undertow",
               product: "Red Hat Single Sign-On 7",
               vendor: "Red Hat",
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Red Hat would like to thank BfC for reporting this issue.",
            },
         ],
         datePublic: "2024-08-07T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Important",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-362",
                     description: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-03T14:18:10.445Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2024:11023",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:11023",
            },
            {
               name: "RHSA-2024:6508",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6508",
            },
            {
               name: "RHSA-2024:6883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6883",
            },
            {
               name: "RHSA-2024:7441",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:7441",
            },
            {
               name: "RHSA-2024:7442",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:7442",
            },
            {
               name: "RHSA-2024:7735",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:7735",
            },
            {
               name: "RHSA-2024:7736",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:7736",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-7885",
            },
            {
               name: "RHBZ#2305290",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-08-16T09:00:41.686000+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-08-07T00:00:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Undertow: improper state management in proxy protocol parsing causes information leakage",
         x_redhatCweChain: "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-7885",
      datePublished: "2024-08-21T14:13:36.579Z",
      dateReserved: "2024-08-16T15:35:47.357Z",
      dateUpdated: "2025-03-03T14:18:10.445Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-7341

Vulnerability from cvelistv5

Published

2024-09-09 18:51

Modified

2024-12-31 14:24

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2024:6493	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6494	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6495	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6497	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6499	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6500	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6501	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6502	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6503	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7341	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2302064	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Version: 0   ≤
Version: 23.0.0   ≤
Version: 25.0.0   ≤

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.12-1 < * cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-17 < * cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-20 < * cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.7-4 < * cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 < * cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 < * cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso < * cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso < * cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso < * cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-52 < * cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-7341",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-09T19:59:06.075961Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-09T19:59:16.927Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://github.com/keycloak/keycloak",
               defaultStatus: "unaffected",
               packageName: "org.keycloak:keycloak-services",
               versions: [
                  {
                     lessThan: "22.0.12",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "24.0.7",
                     status: "affected",
                     version: "23.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "25.0.5",
                     status: "affected",
                     version: "25.0.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22",
               ],
               defaultStatus: "unaffected",
               packageName: "org.keycloak/keycloak-services",
               product: "Red Hat Build of Keycloak",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24",
               ],
               defaultStatus: "unaffected",
               packageName: "org.keycloak/keycloak-services",
               product: "Red Hat Build of Keycloak",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-operator-bundle",
               product: "Red Hat build of Keycloak 22",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "22.0.12-1",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9",
               product: "Red Hat build of Keycloak 22",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "22-17",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:22::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9-operator",
               product: "Red Hat build of Keycloak 22",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "22-20",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-operator-bundle",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24.0.7-4",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24-16",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:build_keycloak:24::el9",
               ],
               defaultStatus: "affected",
               packageName: "rhbk/keycloak-rhel9-operator",
               product: "Red Hat build of Keycloak 24",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "24-16",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6",
               ],
               defaultStatus: "unaffected",
               packageName: "org.keycloak/keycloak-services",
               product: "Red Hat Single Sign-On 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso7-keycloak",
               product: "Red Hat Single Sign-On 7.6 for RHEL 7",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:18.0.16-1.redhat_00001.1.el7sso",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso7-keycloak",
               product: "Red Hat Single Sign-On 7.6 for RHEL 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:18.0.16-1.redhat_00001.1.el8sso",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso7-keycloak",
               product: "Red Hat Single Sign-On 7.6 for RHEL 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:18.0.16-1.redhat_00001.1.el9sso",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:rhosemc:1.0::el8",
               ],
               defaultStatus: "affected",
               packageName: "rh-sso-7/sso76-openshift-rhel8",
               product: "RHEL-8 based Middleware Containers",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "7.6-52",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
               cpes: [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8",
               ],
               defaultStatus: "affected",
               packageName: "org.keycloak/keycloak-services",
               product: "Red Hat JBoss Enterprise Application Platform 8",
               vendor: "Red Hat",
            },
         ],
         datePublic: "2024-09-09T13:48:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Moderate",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-384",
                     description: "Session Fixation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-12-31T14:24:03.545Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2024:6493",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6493",
            },
            {
               name: "RHSA-2024:6494",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6494",
            },
            {
               name: "RHSA-2024:6495",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6495",
            },
            {
               name: "RHSA-2024:6497",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6497",
            },
            {
               name: "RHSA-2024:6499",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6499",
            },
            {
               name: "RHSA-2024:6500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6500",
            },
            {
               name: "RHSA-2024:6501",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6501",
            },
            {
               name: "RHSA-2024:6502",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6502",
            },
            {
               name: "RHSA-2024:6503",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6503",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-7341",
            },
            {
               name: "RHBZ#2302064",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2302064",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-07-31T15:02:21+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-09-09T13:48:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters",
         workarounds: [
            {
               lang: "en",
               value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            },
         ],
         x_redhatCweChain: "CWE-384: Session Fixation",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-7341",
      datePublished: "2024-09-09T18:51:13.537Z",
      dateReserved: "2024-07-31T15:13:22.220Z",
      dateUpdated: "2024-12-31T14:24:03.545Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd

Published

2024-09-09 19:15

Modified

2024-10-07 20:15

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6502	Issue Tracking
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6503	Issue Tracking
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-7318	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2301876	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	redhat	build_of_keycloak	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2383FB8-896C-4C88-8256-88D8EEA0C0CE",
                     versionEndExcluding: "24.0.7",
                     versionStartIncluding: "22.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.\r\nA one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en Keycloak. Los códigos OTP vencidos aún se pueden usar al usar FreeOTP cuando el período del token OTP está configurado en 30 segundos (predeterminado). En lugar de vencer y considerarse inutilizables después de unos 30 segundos, los tokens son válidos durante 30 segundos adicionales, lo que suma un total de 1 minuto. Un código de acceso de un solo uso que sea válido por más tiempo que su tiempo de vencimiento aumenta la ventana de ataque para que los actores maliciosos abusen del sistema y comprometan las cuentas. Además, aumenta la superficie de ataque porque en un momento dado, dos OTP son válidas.",
      },
   ],
   id: "CVE-2024-7318",
   lastModified: "2024-10-07T20:15:17.153",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 2.5,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-09-09T19:15:14.237",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6502",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6503",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-7318",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2301876",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-324",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2024-08-21 14:15

Modified

2024-12-12 22:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:11023
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6508
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6883
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:7441
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:7442
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:7735
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:7736
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-7885	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2305290	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20241011-0004/

Impacted products

Vendor	Product	Version
redhat	build_of_apache_camel_-_hawtio	-
redhat	build_of_apache_camel_for_spring_boot	-
redhat	build_of_keycloak	-
redhat	data_grid	8.0.0
redhat	integration_camel_k	-
redhat	jboss_enterprise_application_platform	7.0.0
redhat	jboss_enterprise_application_platform	8.0.0
redhat	jboss_fuse	7.0.0
redhat	process_automation	7.0
redhat	single_sign-on	7.0

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_apache_camel_-_hawtio:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B1DC0F4-BF84-4399-9487-DEF10CEC3D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_apache_camel_for_spring_boot:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDE67672-8894-448B-84B5-3CD3610A8117",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "824BB506-D01A-4C88-AD4A-3C94A2409CD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:data_grid:8.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3311F2A9-C028-4765-BF79-BC370D15550C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B87C8AD3-8878-4546-86C2-BF411876648C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72A54BDA-311C-413B-8E4D-388AD65A170A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D8BC03A-4198-4488-946B-3F6B43962942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B40CCE4F-EA2C-453D-BB76-6388767E5C6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "20A6B40D-F991-4712-8E30-5FE008505CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en Undertow donde ProxyProtocolReadListener reutiliza la misma instancia de StringBuilder en múltiples solicitudes. Este problema ocurre cuando el método parseProxyProtocolV1 procesa múltiples solicitudes en la misma conexión HTTP. Como resultado, diferentes solicitudes pueden compartir la misma instancia de StringBuilder, lo que podría provocar una fuga de información entre solicitudes o respuestas. En algunos casos, un valor de una solicitud o respuesta anterior puede reutilizarse por error, lo que podría provocar una exposición no deseada de los datos. Este problema produce principalmente errores y terminación de la conexión, pero crea un riesgo de fuga de datos en entornos de solicitudes múltiples.",
      },
   ],
   id: "CVE-2024-7885",
   lastModified: "2024-12-12T22:15:08.717",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-08-21T14:15:09.500",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:11023",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:6508",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:6883",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:7441",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:7442",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:7735",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:7736",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-7885",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20241011-0004/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-362",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2024-10-22 14:15

Modified

2025-03-03 15:15

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2025
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2026
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:2029
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-10234	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2320848	Issue Tracking

Impacted products

	Vendor	Product	Version
	redhat	build_of_keycloak	-
	redhat	jboss_enterprise_application_platform	8.0

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "824BB506-D01A-4C88-AD4A-3C94A2409CD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "01FBC63E-BB92-49FF-AA00-BF0FCC17732A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en Wildfly, donde un usuario puede ejecutar cross-site scripting en el sistema de implementación de Wildfly. Este fallo permite que un atacante o un usuario interno ejecute una implementación con un payload, que podría desencadenar un comportamiento no deseado contra el servidor.",
      },
   ],
   id: "CVE-2024-10234",
   lastModified: "2025-03-03T15:15:13.357",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 5.2,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-10-22T14:15:14.573",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2025:2025",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2025:2026",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2025:2029",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-10234",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2320848",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2024-09-03 20:15

Modified

2024-11-21 09:43

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6493	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6494	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6495	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6497	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6499	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6500	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6501	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-4629	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2276761	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/hnsecurity/vulns/blob/main/HNS-2024-09-Keycloak.md
af854a3a-2127-422b-91ae-364da2661108	https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/

Impacted products

Vendor	Product	Version
redhat	keycloak	*
redhat	build_of_keycloak	*
redhat	single_sign-on	-
redhat	single_sign-on	*
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	openshift_container_platform	4.11
redhat	openshift_container_platform	4.12
redhat	openshift_container_platform_for_linuxone	4.9
redhat	openshift_container_platform_for_linuxone	4.10
redhat	openshift_container_platform_for_power	4.9
redhat	openshift_container_platform_for_power	4.10
redhat	openshift_container_platform_ibm_z_systems	4.9
redhat	openshift_container_platform_ibm_z_systems	4.10
redhat	enterprise_linux	8.0

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEB94F86-A977-493B-9F12-6991F84F955C",
                     versionEndExcluding: "24.0.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "395F9BD6-C79B-442A-AA00-F96CA978B910",
                     versionEndExcluding: "22.012",
                     versionStartIncluding: "22.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
                     matchCriteriaId: "341E6313-20D5-44CB-9719-B20585DC5AD6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "92BC930F-97E8-4FA9-80C5-3A8DB327990B",
                     versionEndExcluding: "7.6.10",
                     versionStartIncluding: "7.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA983F8C-3A06-450A-AEFF-9429DE9A3454",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "40449571-22F8-44FA-B57B-B43F71AB25E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "B02036DD-4489-480B-B7D4-4EB08952377B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7E78C55-45B6-4E01-9773-D3468F8EA9C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "30E2CF79-2D56-48AB-952E-5DDAFE471073",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "54E24055-813B-4E6D-94B7-FAD5F78B8537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC262C4C-7B6A-4117-A50F-1FF69296DDD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E58526FB-522F-4AAC-B03C-9CAB443D0CFF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en Keycloak. Esta falla permite a los atacantes eludir la protección por fuerza bruta al explotar el tiempo de los intentos de inicio de sesión. Al iniciar múltiples solicitudes de inicio de sesión simultáneamente, los atacantes pueden superar los límites configurados para intentos fallidos antes de que el sistema los bloquee. Esta falla de tiempo permite a los atacantes realizar más intentos de adivinar contraseñas de lo previsto, lo que podría comprometer la seguridad de las cuentas en los sistemas afectados.",
      },
   ],
   id: "CVE-2024-4629",
   lastModified: "2024-11-21T09:43:14.917",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.5,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-09-03T20:15:09.003",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6493",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6494",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6495",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6497",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6499",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6500",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6501",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-4629",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2276761",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-09-Keycloak.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-837",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2024-09-19 16:15

Modified

2024-11-26 19:15

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:10385
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:10386
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6878	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6879	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6880	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6882	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6886	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6887	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6888	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6889	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6890	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:8823
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:8824
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:8826
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-8883	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2312511	Issue Tracking, Vendor Advisory
secalert@redhat.com	https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java	Product

Impacted products

Vendor	Product	Version
redhat	build_of_keycloak	-
redhat	openshift_container_platform	4.11
redhat	openshift_container_platform	4.12
redhat	openshift_container_platform_for_ibm_z	4.9
redhat	openshift_container_platform_for_ibm_z	4.10
redhat	openshift_container_platform_for_linuxone	4.9
redhat	openshift_container_platform_for_linuxone	4.10
redhat	openshift_container_platform_for_power	4.9
redhat	openshift_container_platform_for_power	4.10
redhat	single_sign-on	-
redhat	single_sign-on	7.6

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:text-only:*:*:*",
                     matchCriteriaId: "1830E455-7E11-4264-862D-05971A42D4A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA983F8C-3A06-450A-AEFF-9429DE9A3454",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "40449571-22F8-44FA-B57B-B43F71AB25E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "01B0F191-ADDB-4AAE-A5C5-5CC16909E64A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD75BCB4-F0E1-4C05-A2D7-001503C805C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "B02036DD-4489-480B-B7D4-4EB08952377B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7E78C55-45B6-4E01-9773-D3468F8EA9C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "30E2CF79-2D56-48AB-952E-5DDAFE471073",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "54E24055-813B-4E6D-94B7-FAD5F78B8537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
                     matchCriteriaId: "341E6313-20D5-44CB-9719-B20585DC5AD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DEC61BC-E699-456E-99B6-C049F2A5F23F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.",
      },
      {
         lang: "es",
         value: "Se encontró una falla de configuración incorrecta en Keycloak. Este problema puede permitir que un atacante redirija a los usuarios a una URL arbitraria si una \"URI de redireccionamiento válida\" está configurada en http://localhost o http://127.0.0.1, lo que permite que información confidencial, como códigos de autorización, quede expuesta al atacante, lo que puede llevar al secuestro de la sesión.",
      },
   ],
   id: "CVE-2024-8883",
   lastModified: "2024-11-26T19:15:32.253",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "secalert@redhat.com",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Secondary",
         },
      ],
   },
   published: "2024-09-19T16:15:06.403",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:10385",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:10386",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6878",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6879",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6880",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6882",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6886",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6887",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6888",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6889",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6890",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:8823",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:8824",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:8826",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-8883",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312511",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Product",
         ],
         url: "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2024-09-09 19:15

Modified

2024-10-01 14:15

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6502	Issue Tracking
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6503	Issue Tracking
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-7260	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2301875	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	redhat	build_of_keycloak	*
	redhat	keycloak	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "802E2FCC-19AA-419E-8A1B-50E8F612A687",
                     versionEndExcluding: "24.0.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "78B09F16-131D-4A15-9D00-A085F210E717",
                     versionEndExcluding: "24.0.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad de redirección abierta en Keycloak. Se puede construir una URL especialmente manipulada donde los parámetros referrer y referrer_uri se crean para engañar a un usuario para que visite una página web maliciosa. Una URL confiable puede engañar a los usuarios y a la automatización haciéndoles creer que la URL es segura, cuando, de hecho, redirecciona a un servidor malicioso. Este problema puede provocar que una víctima confíe inadvertidamente en el destino de la redirección, lo que puede llevar a un ataque de phishing exitoso u otros tipos de ataques. Una vez que se crea una URL manipulada, se puede enviar a un administrador de Keycloak por correo electrónico, por ejemplo. Esto activará esta vulnerabilidad cuando el usuario visite la página y haga clic en el enlace. Un actor malicioso puede usar esto para apuntar a usuarios que sabe que son administradores de Keycloak para futuros ataques. También puede ser posible eludir otros controles de seguridad relacionados con el dominio, como proporcionar esto como una URL de redireccionamiento de OAuth. El actor malicioso puede ofuscar aún más la redirect_uri mediante la codificación de URL, para ocultar el texto del dominio real del sitio web malicioso.",
      },
   ],
   id: "CVE-2024-7260",
   lastModified: "2024-10-01T14:15:06.553",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-09-09T19:15:14.033",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6502",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6503",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-7260",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2301875",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2024-09-09 19:15

Modified

2024-10-04 12:48

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6493	Mailing List
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6494	Mailing List
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6495	Mailing List
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6497	Mailing List
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6499	Mailing List
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6500	Mailing List
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6501	Mailing List
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6502	Mailing List
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6503	Mailing List
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-7341	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2302064	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
redhat	keycloak	*
redhat	single_sign-on	*
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	build_of_keycloak	*
redhat	build_of_keycloak	*
redhat	single_sign-on	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DF1E078-5CC4-42CE-BE81-27A8B47D4616",
                     versionEndIncluding: "25.0.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "92BC930F-97E8-4FA9-80C5-3A8DB327990B",
                     versionEndExcluding: "7.6.10",
                     versionStartIncluding: "7.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "62171FB0-B5A2-4127-90AE-46F8630FDF2C",
                     versionEndExcluding: "22.0.12",
                     versionStartIncluding: "22.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BEDEAB7-7C93-4274-8696-3A8EDCF87043",
                     versionEndExcluding: "24.0.7",
                     versionStartIncluding: "24.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
                     matchCriteriaId: "341E6313-20D5-44CB-9719-B20585DC5AD6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.",
      },
      {
         lang: "es",
         value: "Se descubrió un problema de fijación de sesión en los adaptadores SAML proporcionados por Keycloak. El ID de sesión y la cookie JSESSIONID no se modifican en el momento de iniciar sesión, incluso cuando está configurada la opción turnOffChangeSessionIdOnLogin. Esta falla permite que un atacante que secuestra la sesión actual antes de la autenticación active la fijación de sesión.",
      },
   ],
   id: "CVE-2024-7341",
   lastModified: "2024-10-04T12:48:43.523",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-09-09T19:15:14.450",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6493",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6494",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6495",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6497",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6499",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6500",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6501",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6502",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:6503",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-7341",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2302064",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-384",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}