MEDIUM 5.4 Maven
Keycloak Authentication Error
GHSA-xvv8-8wh9-9fh2 · CVE-2018-10894
Published · Modified
Description
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-10894
- WEB https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e
- WEB https://access.redhat.com/errata/RHSA-2018:3592
- WEB https://access.redhat.com/errata/RHSA-2018:3593
- WEB https://access.redhat.com/errata/RHSA-2018:3595
- WEB https://access.redhat.com/errata/RHSA-2019:0877
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894
- PACKAGE https://github.com/keycloak/keycloak
Ready to move
Start Securing
Free, no credit card | First findings in minutes