CVE-2018-10894
MEDIUM 5.4 | EPSS 0.05% | Keycloak Authentication Error
Published: 2022/5/13 | Modified: 2024/2/16
Description
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
Affected packages (2)
- Maven/org.keycloak:keycloak-saml-adapter-core: from 0, < 4.4.0.Final
- Maven/org.keycloak:keycloak-services: from 0, < 4.4.0.Final
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2018-10894
- PATCH: https://github.com/keycloak/keycloak
- WEB: https://access.redhat.com/errata/RHSA-2018:3592
- WEB: https://access.redhat.com/errata/RHSA-2018:3593
- WEB: https://access.redhat.com/errata/RHSA-2018:3595
- WEB: https://access.redhat.com/errata/RHSA-2019:0877
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894
- WEB: https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e