fkie_cve-2024-7341
Vulnerability from fkie_nvd
Published
2024-09-09 19:15
Modified
2024-10-04 12:48
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6493Mailing List
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6494Mailing List
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6495Mailing List
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6497Mailing List
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6499Mailing List
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6500Mailing List
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6501Mailing List
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6502Mailing List
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6503Mailing List
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2024-7341Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2302064Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
redhat keycloak *
redhat single_sign-on *
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat build_of_keycloak *
redhat build_of_keycloak *
redhat single_sign-on -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF1E078-5CC4-42CE-BE81-27A8B47D4616",
              "versionEndIncluding": "25.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC930F-97E8-4FA9-80C5-3A8DB327990B",
              "versionEndExcluding": "7.6.10",
              "versionStartIncluding": "7.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62171FB0-B5A2-4127-90AE-46F8630FDF2C",
              "versionEndExcluding": "22.0.12",
              "versionStartIncluding": "22.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BEDEAB7-7C93-4274-8696-3A8EDCF87043",
              "versionEndExcluding": "24.0.7",
              "versionStartIncluding": "24.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
              "matchCriteriaId": "341E6313-20D5-44CB-9719-B20585DC5AD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema de fijaci\u00f3n de sesi\u00f3n en los adaptadores SAML proporcionados por Keycloak. El ID de sesi\u00f3n y la cookie JSESSIONID no se modifican en el momento de iniciar sesi\u00f3n, incluso cuando est\u00e1 configurada la opci\u00f3n turnOffChangeSessionIdOnLogin. Esta falla permite que un atacante que secuestra la sesi\u00f3n actual antes de la autenticaci\u00f3n active la fijaci\u00f3n de sesi\u00f3n."
    }
  ],
  "id": "CVE-2024-7341",
  "lastModified": "2024-10-04T12:48:43.523",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-09-09T19:15:14.450",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6493"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6494"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6495"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6497"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6499"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6500"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6501"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6502"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6503"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-7341"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.