CVE-2018-10894
MEDIUM5.4EPSS 0.05%Keycloak Authentication Error
Published: 5/13/2022Modified: 2/16/2024
Description
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
Affected packages (2)
- Maven/org.keycloak:keycloak-saml-adapter-corefrom 0, < 4.4.0.Final
- Maven/org.keycloak:keycloak-servicesfrom 0, < 4.4.0.Final
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-10894
- PATCHhttps://github.com/keycloak/keycloak
- WEBhttps://access.redhat.com/errata/RHSA-2018:3592
- WEBhttps://access.redhat.com/errata/RHSA-2018:3593
- WEBhttps://access.redhat.com/errata/RHSA-2018:3595
- WEBhttps://access.redhat.com/errata/RHSA-2019:0877
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894
- WEBhttps://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e