CVE-2020-35509

Опубликовано: 04 янв. 2021

Источник: redhat

CVSS3: 4.2

EPSS Низкий

Описание

A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.

A flaw was found in keycloak. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Decision Manager 7	keycloak	Not affected
Red Hat Fuse 7	keycloak	Not affected
Red Hat Integration Camel K 1	keycloak	Not affected
Red Hat OpenShift Application Runtimes	keycloak	Not affected
Red Hat Process Automation 7	keycloak	Not affected
Red Hat support for Spring Boot	keycloak	Not affected
Red Hat Single Sign-On 7.4.9		Fixed	RHSA-2021:3534	14.09.2021
Red Hat Single Sign-On 7.4 for RHEL 6	rh-sso7-keycloak	Fixed	RHSA-2021:3527	14.09.2021
Red Hat Single Sign-On 7.4 for RHEL 7	rh-sso7-keycloak	Fixed	RHSA-2021:3528	14.09.2021
Red Hat Single Sign-On 7.4 for RHEL 8	rh-sso7-keycloak	Fixed	RHSA-2021:3529	14.09.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1912427keycloak: X509 Direct Grant Auth does not verify certificate timestamp validity

EPSS

Процентиль: 25%

0.00087

Низкий

4.2 Medium

CVSS3

Связанные уязвимости

CVE-2020-35509

CVSS3: 5.4

nvd

больше 3 лет назад

CVE-2020-35509

CVSS3: 5.4

debian

больше 3 лет назад

A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An ...

GHSA-rpj2-w6fr-79hc

CVSS3: 5.4

github

больше 3 лет назад

Keycloak vulnerable to Improper Certificate Validation

EPSS

Процентиль: 25%

0.00087

Низкий

4.2 Medium

CVSS3