Description
A flaw was found in Keycloak where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute [Name].
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | keycloak | Not affected | | |
| Red Hat Fuse 7 | keycloak | Not affected | | |
| Red Hat Integration Camel K 1 | keycloak | Not affected | | |
| Red Hat OpenShift Application Runtimes | keycloak | Not affected | | |
| Red Hat Process Automation 7 | keycloak | Not affected | | |
| Red Hat support for Spring Boot | keycloak | Not affected | | |
| Red Hat Single Sign-On 7.4.7 | | Fixed | RHSA-2021:2070 | 20.05.2021 |
| Red Hat Single Sign-On 7.4 for RHEL 6 | rh-sso7-keycloak | Fixed | RHSA-2021:2063 | 20.05.2021 |
| Red Hat Single Sign-On 7.4 for RHEL 7 | rh-sso7-keycloak | Fixed | RHSA-2021:2064 | 20.05.2021 |
| Red Hat Single Sign-On 7.4 for RHEL 8 | rh-sso7-keycloak | Fixed | RHSA-2021:2065 | 20.05.2021 |
Additional information
Status: Moderate
Defect: CWE-613
https://bugzilla.redhat.com/show_bug.cgi?id=1941565 keycloak: Backchannel logout not working when Principal Type is set to Attribute Name for external SAML IDP
EPSS: 0.00052, percentile: 16%, Low
CVSS3: 7.1 High
Related vulnerabilities
CVSS3: 7.1
nvd
almost 4 years ago
A flaw was found in Keycloak where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute [Name].
CVSS3: 7.1
debian
almost 4 years ago
A flaw was found in keycloak where keycloak may fail to logout user se ...