Описание
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.
EPSS
Процентиль: 15%
0.00048
Низкий
3.1 Low
CVSS3
Дефекты
CWE-112
Связанные уязвимости
CVSS3: 3.1
debian
12 дней назад
A flaw was found in Keycloak's SAML brokering functionality. When Keyc ...
CVSS3: 3.1
github
12 дней назад
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
EPSS
Процентиль: 15%
0.00048
Низкий
3.1 Low
CVSS3
Дефекты
CWE-112